[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements (original) (raw)

Terry Reedy tjreedy at udel.edu
Mon Mar 24 01:50:52 CET 2014

• Previous message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
• Next message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/23/2014 7:48 PM, Nick Coghlan wrote:

Agreed. That's a key part of why the proposal is mainly about syncing certain key modules with their Python 3 counterparts, rather than piecemeal backports. That way, all you need to know is "the SSL, hashlib and hmac modules are kept in sync with Python 3 feature releases, but use the same default settings as the original Python 2.7 release".

If you restrict the proposal to just those three modules, then the proposal could be to just add three new modules to 2.7: ssl3, hashlib3, and hmac3. Each would be regularly updated backports of the 3.x modules with two differences: defaults for settings that exist in 2.7 would remain as in 2.7 and would not be updated*, and each module would get a .py3_ver x.y.z attribute so code could be conditioned on which backport version it is running with.

• though users would be encouraged to use the most secure settings.

-- Terry Jan Reedy

• Previous message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
• Next message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list