[Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements

Nick Coghlan ncoghlan at gmail.com
Tue Mar 25 14:47:04 CET 2014


On 25 Mar 2014 23:29, "Paul Moore" <p.f.moore at gmail.com> wrote:

> On 25 March 2014 13:09, Nick Coghlan <ncoghlan at gmail.com> wrote:
> > * MvL has indicated he is not prepared to tackle the task of trying to
> > integrate a newer OpenSSL into the also aging Python 2.7 build
> > infrastructure on Windows (unfortunately, we've looked into upgrading
> > that build infrastructure, and the backwards compatibility issues
> > appear to be effectively insurmountable). We would require a commitment
> > from another trusted contributor to handle at least this task, and
> > potentially also taking over the task of creating the official
> > Python 2.7 Windows installers for the remaining Python 2.7 maintenance
> > releases.
>
> One issue that strikes me is that much of the focus of this PEP is on supporting Linux distributions. This is entirely reasonable, as they are the ones with the sort of long-term support commitments that result in this issue (in the Windows world, possibly ActiveState offer formal support for Python 2.7, but otherwise I'm not aware of actual paid support options that might be relevant on Windows).
>
> With that in mind, is it reasonable to expect Linux vendors to support delivery of updated Windows builds of Python 2.7? If not, is it acceptable to python-dev to release a Python 2.7 maintenance release with backported security enhancements only available for Linux? (The same questions can be asked of OSX or Solaris support - this isn't solely a Windows issue).
>
> I think the PEP needs to be explicit here about what python-dev expect in terms of cross-platform support. I would assume that the expectation is that we deliver exactly the same level of cross-platform support as for 3.x, but commercial vendors could quite easily miss that implication if it is not spelled out.

The PEP says to sync with Python 3, and that has full cross platform support. The Linux focus just comes from the fact that Linux is where the problem is most evident.

It's not like we're going to just be giving the PEP to vendors as a spec and leaving them to it - it's largely an invitation to participate more directly upstream to help resolve a particularly thorny problem, not a Statement of Work :)

Cheers, Nick.

> Paul


