[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements (original) (raw)

Cory Benfield cory at lukasa.co.uk
Tue Mar 25 10:35:34 CET 2014

• Previous message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
• Next message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 25 March 2014 09:01, Chris Angelico <rosuav at gmail.com> wrote:

So by that model, current 2.7 is fully compliant, and anything that doesn't actively conflict with that is also compliant. Any script that is written for the current 2.7 is guaranteed also to run on any compliant SEPython; and anything written for SEPython has to gracefully handle (which might mean cleanly bombing) anything down to and including current 2.7. Does that make sense?

Absolutely. =) My additional concern on top of that is wanting users to fall into a pit of success by making it overwhelmingly more likely that users will accidentally end up with the safe version if they aren't paying attention. I'm not hugely bothered about how that's done: I'd just like not to have to field Requests bug reports about lack of security that boil down to a user having grabbed the insecure version by accident.

• Previous message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
• Next message: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list