[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements (original) (raw)

Donald Stufft donald at stufft.io
Sun Mar 23 16:37:25 CET 2014

On Mar 23, 2014, at 11:34 AM, Antoine Pitrou <solipsis at pitrou.net> wrote:

On Sun, 23 Mar 2014 07:29:07 +0000 Cory Benfield <cory at lukasa.co.uk> wrote:

On 23 March 2014 at 04:32:17, Terry Reedy (tjreedy at udel.edu(mailto:tjreedy at udel.edu)) wrote:

Instead, I think the PEP should propose a special series of server enhancement releases that are based on the final 2.7 maintenance release (2.7.8 or 2.7.9) but which have have a different application-specific enhancement policy.

This is an interesting idea. My biggest problem with it is that, at least with the ssl library, these aren’t server-only problems. If we suggest that they are, we end up in the same position we’re in right now (that is, hurting the internet). For example, Python 2.7’s ssl module lacks the OPNOCOMPRESSION option for OpenSSL, This is easy to change in a bugfix release, though. Someone just has to open an issue and write a patch. Regards Antoine.

Python-Dev mailing list Python-Dev at python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/donald%40stufft.io

I already did open an issue and write a patch :)

There’s someone on that issue saying that flipping that without a way to flip it back would break their application.

Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://mail.python.org/pipermail/python-dev/attachments/20140323/4c05b034/attachment-0001.sig>

More information about the Python-Dev mailing list