[Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements (original) (raw)

Nick Coghlan ncoghlan at gmail.com
Thu Mar 27 10:32:03 CET 2014

On 27 March 2014 18:02, Stephen J. Turnbull <stephen at xemacs.org> wrote:

Alex Gaynor writes:

> Here's my proposed list of such featuers: And suppose that list grows over time? After all, it once was []. If we go for a feature-by-feature list, that has two more-or-less hidden costs. (1) Python-Dev has to specify which ones, and either risks a new specification debate in the future, or needs to spend time now describing criteria and processes for extending the list.

It's not a hidden cost - it's a deliberately chosen one. Guido was wary of an open-ended agreement, so by enumerating the precise set of missing features in Python 2.7 that are causing concern for the network security folks, we get to address the immediate problem, without granting permission to backport further arbitrary features without additional discussion.

(2) Users may need to worry about the list. (OTOH, as long as the list is restricted to features in certain modules, users can choose to assume anything in those modules may have changed behavior and that's no different from Nick's proposal for them.)

The PEP already specifically advises that cross-version compatible code use feature detection rather than version checks. For network security, it's recommended to avoid using the low level modules directly, anyway - it's much better to use a higher level library like requests, to reduce the number of places where we need to get the security design right.

Cheers, Nick.

-- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia

More information about the Python-Dev mailing list