[Python-Dev] PEP 466 (round 5): selected network security enhancements for Python 2.7 (original) (raw)

Donald Stufft donald at stufft.io
Wed Mar 26 13:20:01 CET 2014

On Mar 26, 2014, at 8:00 AM, Nick Coghlan <ncoghlan at gmail.com> wrote:

Guido and Antoine persuaded me that selective backports would be a better idea for the network security enhancements than the wholesale module backports previously suggested, while Alex and Donald provided the necessary additional details, so here's a revised version of the PEP. Despite making it more explicit, I deleted more lines than I added, strongly suggesting that switching to selective backports was the right call :)

I dealt with the SSL module the way Donald suggested: excluding the RAND* functions, rather than listing everything else. I also changed the headings to make it clear the listed alternatives were rejected ideas, made the footnotes a bit more readable, and tidied up the wording in a few places. Diff: http://hg.python.org/peps/rev/8527f6e2beb0 Web: http://www.python.org/dev/peps/pep-0466/ ========================== PEP: 466 Title: Network Security Enhancement Exception for Python 2.7 Version: RevisionRevisionRevision Last-Modified: DateDateDate Author: Nick Coghlan <ncoghlan at gmail.com>, Status: Draft Type: Informational Content-Type: text/x-rst Created: 23-Mar-2014 Post-History: 23-Mar-2014, 24-Mar-2014, 25-Mar-2014, 26-Mar-2014

This looks reasonable to me still and still solves the major problems that trying to securely use the 2.7 series has.

+1 From me.

Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://mail.python.org/pipermail/python-dev/attachments/20140326/cda6c144/attachment.sig>

More information about the Python-Dev mailing list