[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements (original) (raw)
Victor Stinner victor.stinner at gmail.com
Sun Mar 23 10:48:57 CET 2014
- Previous message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
- Next message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
2014-03-22 22:11 GMT+01:00 Nick Coghlan <ncoghlan at gmail.com>:
In particular, the exception will apply to:
* the
sslmodule * thehashlibmodule * thehmacmodule * theshamodule (Python 2 only) * the components of other networking modules that make use of these modules * the components of therandomandosmodules that are relevant to cryptographic applications * the version of OpenSSL bundled with the binary installers
The current Python development cycle is too slow to track latest security recommandations. Python 2.7 is now very far from Python 3.4, so backportng so many features is very complex and error-prone.
IMO A third-party module backporting all these security enhancements would be easy to develop. There are already M2Crypto, cryptography and PyOpenSSL modules for example. You may reuse them.
The drawback is that applications would be benefit immediatly from this work, they should be modified to use the new module. But usually, developers who care of security are able to do these modifications.
The PEP is very generic. Can you try to list all missing security features of old Python versions?
Victor
- Previous message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
- Next message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]