[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements (original) (raw)
Ned Deily nad at acm.org
Sat Mar 22 23:39:28 CET 2014
- Previous message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
- Next message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In article <CADiSq7czsp1FLv31iZZ01_9aVgyzsC1j6+d2T5AuP2ByU979oA at mail.gmail.com>, Nick Coghlan <ncoghlan at gmail.com> wrote:
I have just posted a proposal to change the way we treat enhancements that relate to Python's support for network security enhancements.
+1
[...]
Open Questions ==============
* What are the risks associated with allowing OpenSSL to be updated to new feature versions in the Windows and Mac OS X binary installers for maintenance releases?
Regarding the python.org binary installers, I think past practice has been for us to update third-party libraries as necessary in maintenance releases when there is good cause and with the concurrence of the release manager, so I don't see this as a big issue. For the OS X binary installer, the issue for OpenSSL has been that we dynamically link to the system-supplied OpenSSL libraries and that, for various reasons, Apple has deprecated (and frozen at non-current OpenSSL releases) the use of those libraries in favor of their own security frameworks. So, for multiple reasons, including the risk that OpenSSL may be dropped from an upcoming major release of OS X, we need to start supplying our own version with all OS X binary installers. That's the plan regardless of the outcome of this PEP.
-- Ned Deily, nad at acm.org
- Previous message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
- Next message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]