Message12015

Author	stefan.richthofer
Recipients	amak, joanselm, stefan.richthofer
Date	2018-06-24.11:55:44
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1529841345.97.0.56676864532.issue2694@psf.upfronthosting.co.za>
In-reply-to

Content
The version mapping is not that precise. The goal is to map major and minor version numbers as far as possible. I think language support is mapped rather closely, while runtime support is on best effort basis. The micro version number is completely unrelated and just indicates progress on improving Jython in terms of compatibility to CPython regarding major and minor version as mentioned above, but also general bugfixing, performance, Java integration, etc. I'm not sure if this is somewhere described in user-guides or pages, but this is certainly the current de-facto situation. So, regarding your question, the Jython version that supports Python 2.7.14 most closely is 2.7.1 and soon will be 2.7.2. In no sense the micro version can indicate bug-compatibility to CPython. Given that Jython is fairly different from CPython, a possible vulnerability needs to be investigated for Jython independently. On the other hand, e.g. Java vulnerabilities might affect Jython but obviously not CPython. I'd suggest to report potential vulnerabilities at first privately to the project lead. Ask for contact for this issue on the Jython-dev mailing list.

The version mapping is not that precise. The goal is to map major and minor version numbers as far as possible.
I think language support is mapped rather closely, while runtime support is on best effort basis.
The micro version number is completely unrelated and just indicates progress on improving Jython in terms of
compatibility to CPython regarding major and minor version as mentioned above, but also general bugfixing,
performance, Java integration, etc.
I'm not sure if this is somewhere described in user-guides or pages, but this is certainly the current de-facto
situation. So, regarding your question, the Jython version that supports Python 2.7.14 most closely is 2.7.1 and
soon will be 2.7.2.

In no sense the micro version can indicate bug-compatibility to CPython. Given that Jython is fairly different
from CPython, a possible vulnerability needs to be investigated for Jython independently. On the other hand, e.g.
Java vulnerabilities might affect Jython but obviously not CPython.

I'd suggest to report potential vulnerabilities at first privately to the project lead. Ask for contact for this
issue on the Jython-dev mailing list.

History
Date	User	Action	Args
2018-06-24 11:55:45	stefan.richthofer	set	messageid: <1529841345.97.0.56676864532.issue2694@psf.upfronthosting.co.za>
2018-06-24 11:55:45	stefan.richthofer	set	recipients: + stefan.richthofer, amak, joanselm
2018-06-24 11:55:45	stefan.richthofer	link	issue2694 messages
2018-06-24 11:55:44	stefan.richthofer	create