[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements (original) (raw)
Donald Stufft donald at stufft.io
Sun Mar 23 00:57:55 CET 2014
- Previous message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
- Next message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
They detect for ssl to have the SSLContext and use it if it's available.
On Mar 22, 2014, at 7:54 PM, Paul Moore <p.f.moore at gmail.com> wrote:
On 22 March 2014 23:49, Donald Stufft <donald at stufft.io> wrote: In the case of requests they already have an optional dependency on pyopenssl. It's just many people either don't know they should use it, are unable to use it, or unwilling to use the python packaging tool chain because of its current flaws. Do they use the new features in the Python 3.x ssl module when it's available to give the same level of security as having pyopenssl would, or do they use a "lowest common denominator" (i.e., 2.x compatible) level of security when using the stdlib? If the latter, that would be very, very sad. Paul
- Previous message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
- Next message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]