(original) (raw)

On 3 Sep 2014 08:18, "Alex Gaynor" <alex.gaynor@gmail.com> wrote:
\>
\> Antoine Pitrou pitrou.net> writes:
\>
\> >
\> > And how many people are using Twisted as an HTTPS client?
\> > (compared to e.g. Python's httplib, and all the third-party libraries
\> > building on it?)
\> >
\>
\> I don't think anyone could give an honest estimate of these counts, however
\> there's two factors to bare in mind: a) It's extremely strongly recommended to
\> use requests to make any HTTP requests precisely because httplib is negligent
\> in certificate and hostname checking by default, b) We're talking about
\> Python3, which has fewer users than Python2.

Creating \*new\* incompatibilities between Python 2 & Python 3 is a major point of concern. One key focus of 3.5 is \*reducing\* barriers to migration, and this PEP would be raising a new one.

It's a change worth making, but we have time to ensure there are easy ways to do things like skipping cert validation, or tolerate expired certificates.

Regards,
Nick.