[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

Donald Stufft donald at stufft.io
Sun Mar 23 02:30:17 CET 2014


On Mar 22, 2014, at 8:55 PM, Nick Coghlan <ncoghlan at gmail.com> wrote:

> Moving the affected modules out of the standard library proper and bundling the critical ones along with pip instead is indeed another alternative. However, that approach introduces additional issues of its own - I'll cover some of them in the next PEP update, but it would be good to have someone explicitly trying to make the case that a PyPI backport would be simpler for the overall ecosystem than my suggested approach.

FWIW pip as of right now has a policy of no C dependencies outside of the stdlib. CPython isn’t our only target and C dependencies don’t work very well on PyPy (if at all) and it makes the situation much more difficult on platforms where there are no compiler toolchains (Windows).


Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
