[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements (original) (raw)

Victor Stinner victor.stinner at gmail.com
Sun Mar 23 11:31:12 CET 2014

Hi,

2014-03-23 11:17 GMT+01:00 <martin at v.loewis.de>:

Quoting Victor Stinner <victor.stinner at gmail.com>:

The drawback is that applications would be benefit immediatly from this work, they should be modified to use the new module. But usually, developers who care of security are able to do these modifications. I think asking developers to make significant modifications to their code is besides the point of the PEP.

I expect something like replacing "import ssl" with "from safestdlib import ssl", same for other modules.

FYI I backported some Python 3.3 modules for Python 2.7 for my Trollius project, and it was not so hard. For ssl.SSLContext, it's an empty class, it's just a wrapper to ssl.wrap_socket() which raises errors when unsupported features are used. http://trollius.readthedocs.org/#backports

I wrote Trollius to port OpenStack to Python 3, not to defer the port :-)

However, if they are willing to make changes, I'd still recommend that they port their code to Python 3, as that is the better long-term investment.

It's not always possible. For example, the OpenStack projet still have +30 dependencies which are not Python 3 compatible yet. https://wiki.openstack.org/wiki/Python3#Dependencies

We are porting these dependencies, but it may still take one year to port the whole OpenStack project to Python 3. Come to help us :)

Sorry, it's maybe not fair to take the worst example (OpenStack) :-)

Victor

More information about the Python-Dev mailing list