[Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements (original) (raw)
Nick Coghlan ncoghlan at gmail.com
Tue Mar 25 23:35:37 CET 2014
- Previous message: [Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements
- Next message: [Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 26 Mar 2014 00:25, "Paul Moore" <p.f.moore at gmail.com> wrote:
On 25 March 2014 13:47, Nick Coghlan <ncoghlan at gmail.com> wrote: > It's not like we're going to just be giving the PEP to vendors as a spec and > leaving them to it - it's largely an invitation to participate more directly > upstream to help resolve a particularly thorny problem, not a Statement of > Work :) :-) I don't really know the APIs involved, but AIUI one of the 3.4 enhancements is exposing the SSLContext. Is the code to do this compatible with the version of OpenSSL bundled with Python 2.7 on Windows? If not, suppose that Red Hat provide resources that work on backporting the code, but they don't have Windows experts so no-one deals with integrating the new OpenSSL into the Windows binaries. Would the backport be blocked until someone is found to do the Windows work?
We'll get it done. For example, while I definitely approach the problem from a Linux vendor perspective (and that's reflected in the PEP), I also know several folks at Rackspace have expressed concern about the status quo, and the client side of OpenStack is cross platform.
This "I've written a patch but it hasn't been applied" is the type of scenario that puts people off contributing. If it's likely to happen, I think Red Hat have a right to know that in advance. And I don't know that it's something they would appreciate without python-dev pointing it out. If we're reasonably sure (not necessarily certain, there's always grey areas) that this isn't going to be an issue, then that's also fine. We can simply say that.
Yeah, I think we can make sure the right folks are involved to make it happen. The PEP is about me getting agreement in advance that we actually want to see the problem fixed, and the constraints we want to impose on the solution.
Once we have that agreement, I won't be sitting around idly waiting for assistance to magically appear - I'll go looking for it, and I know there are others that will do the same :)
That's all I'm saying. Not trying to require anything of contributors, just trying to be open and explicit about the criteria that will apply to accepting contributions.
I won't expect Linux folks to fix Windows problems (as that rarely works well). If the PEP is accepted, I will ensure we get the policy implemented on all supported platforms for 2.7.7+ by getting appropriate people involved (and will also work on securing the appropriate longer term support commitments).
Cheers, Nick.
Paul. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20140326/8749669d/attachment.html>
- Previous message: [Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements
- Next message: [Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]