Python Forum
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Version question
#1
Hello. I'm downloaded Python 3.6.4 and i'm very satisfied.

Now i see on Python Download Page a new version (3.4.8) from 2018-02-05. In this version there are several security bug fixes. I am a bit confused Confused Huh Is the lastest stable version 3.6.4 unsecure ?


Should i better use 3.4.8 because all libraries have security fixes but 3.6.4 not ?

Why does the developer build a version with lower version number (but new date) or are both versions developed independently?
Reply
#2
3.6.8 is in a development stage and is not recommended for general use. A fixed security bug in that release doesn't mean that these bugs are not fixed in 3.6.4 version if there were the same bugs at all.

Use the latest stable version.
"As they say in Mexico 'dosvidaniya'. That makes two vidaniyas."
https://freedns.afraid.org
Reply
#3
Sorry. But this answer doesn't match to my version question.

And it also does not explain why there are two versions of Python.
Reply
#4
There are many versions of Python. A bug in one version does not imply that other versions of Python have the same issue.
A security bug which affect many versions, will be fixed in maintained versions.

Maybe 3.6.4 has not this bugs. Just look into the 'Release Notes' and/or on github.
Almost dead, but too lazy to die: https://sourceserver.info
All humans together. We don't need politicians!
Reply
#5
(Feb-14-2018, 08:53 AM)PythonInvasion Wrote: Why does the developer build a version with lower version number (but new date) or are both versions developed independently?
You can see a list of versions and their dates here
https://www.python.org/downloads/

The version system goes off of
major.minor.patch
so 3.6.4 is major version 3, minor version 6, with patch 4

When they move to the next minor version they still release patches for the previous versions knowing people are not going to update every time.

Security bug fixes for everything are always being done. Its not about getting a version that has none, because it does, and just no one knows about it, yet. Its about updating it when its found out, so the vulnerabilities are not used against you. All you have to do is update the interpreter because all the same minor version will run all patches: python 3.6.0 will run python 3.6.5, etc. The same does not ring true to minor/major version though.

Most likely you would not have to worry about. The time you should worry is if you are using python 3.2.0 or something as such old and there are known security bugs that you are not updating. In that case its been long enough for the vulnerabilities to be exploited.
Recommended Tutorials:
Reply
#6
Thanks to everyone, who answered.
Reply


Forum Jump:

User Panel Messages

Announcements
Announcement #1 8/1/2020
Announcement #2 8/2/2020
Announcement #3 8/6/2020