Add new ssh key argument and don't check magic number in old versions

[pablogsal]

No description provided.

[hugovk]

(I pushed a test and lint fix)

[hugovk]

It would be nice to avoid hardcoding this, as it's another thing that needs adding to a longish list when a new version comes around.

Perhaps we can fetch the newest version from https://github.com/python/devguide/blob/main/include/release-cycle.json (and later from python/peps#4331)?

This can also be a followup PR.

[pablogsal]

this is the first version that needed this feature. How fetching the newer version would be cleaner ?

[AA-Turner]

Is it always only the current feature release that this check will apply for? If so, perhaps expanding the security Boolean to a branch status enum would be better, as then we could test if branch-status == feature here.

A

[pablogsal]

No, this particular check applies to all releases that are after we changed that file, that is, anything above or including 3.13

[hugovk]

OK, if the limit is always 3.13 and we don't need to change it, then a hardcoded version makes sense here.

Let's use a tuple so we don't need to worry about Python 4 :)

Suggested change

	if release_tag.major == 3 and release_tag.minor <= 13:
	if not release_tag.as_tuple() >= (3, 14):

[merwok]

Could this be written using <= ?

[hugovk]

Yes, or rather as < (3, 13). I'll open a new PR.

[hugovk]

And similarly, we could check the status in the JSON file.

[hugovk]

Here's a PR to check the status from the devguide, so the RM doesn't have to remember to pass --security each time:

pablogsal#1

Merging that will update this PR.

[hugovk]

I've split out the --ssh-key addition into #279.

[hugovk]

I've split out the remaining changes:

• Only check magic number for 3.14+ #302
• Only wait for Linux files for security releases #303

[hugovk]

All merged, thanks all!