(original) (raw)

From my perspective, we can’t keep an OpenSSL-like API and use Windows platform libraries (we could do a requests-like API easily enough, but even urllib3 is painfully low-level).

We have to continue shipping our own copy of OpenSSL on Windows. Nothing to negotiate here except whether OpenSSL releases should trigger a Python release, and I think that decision can stay with the RM.

Good luck solving macOS :o)

Cheers,

Steve

Top-posted from my Windows phone

Matt Billenstein writes:

> In my mind it becomes easier to bundle deps in a binary installer

> across the board (Linux, OSX, Windows) rather than rely on whatever

> version the operating system provides.

Thing is, as Christian points out, TLS is a rapidly moving target.

Every Mac OS or iOS update seems to link to a dozen CVEs for TLS

support. We can go there if we have to, but it's often hard to go

back when vendor support catches up to something reasonable. I think

this is something for Ned and Christian and Steve to negotiate, since

they're the ones who are most aware of the tradeoffs and bear the

costs.

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_

Python-Dev mailing list

Python-Dev@python.org

https://mail.python.org/mailman/listinfo/python-dev

Unsubscribe: https://mail.python.org/mailman/options/python-dev/steve.dower%40python.org