[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements (original) (raw)
Paul Moore p.f.moore at gmail.com
Sun Mar 23 00:23:02 CET 2014
- Previous message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
- Next message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 22 March 2014 23:07, Donald Stufft <donald at stufft.io> wrote:
As someone who is deeply biased towards improving the packaging tool chain and getting people to use it I think that most people will simply use the Stdlib even if a more secure alternative exists. Infact one does exist and I still see almost everyone using the stdlib ssl instead of pyopenssl. At best they have an optional dependency on it which many people who aren't security conscious won't even realize why they should install it.
Windows users typically will not be able to use something like pyopenssl. It's a complex binary dependency with no wheel on PyPI. There are no easily locatable wininst installers, even - and those are messy to use in a virtualenv.
While the stdlib modules may have issues, "depend on pyopenssl" is not a practical solution for many people. Paul
- Previous message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
- Next message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]