[Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

R. David Murray rdmurray at bitdance.com
Wed Nov 25 15:39:54 EST 2015


On Thu, 26 Nov 2015 09:17:02 +1300, Robert Collins <robertc at robertcollins.net> wrote:

On 26 November 2015 at 08:57, Barry Warsaw <barry at python.org> wrote:
> There's a lot to process in this thread, but as I see it, the issue breaks
> down to these questions:
>
> * How should PEP 493 be implemented?
>
> * What should the default be?
>
> * How should PEP 493 be worded to express the right tone to redistributors?
>
> Let me take on the implementation details here.
>
> On Nov 24, 2015, at 04:04 PM, M.-A. Lemburg wrote:
>
>>I would still find having built-in support for the recommendations
>>in the Python stdlib a better approach
>
> As would I.

For what it's worth: a PEP telling distributors to patch the standard library is really distasteful to me. We've spent a long time trying to build close relations such that when something doesn't work distributors can share their needs with us and we can make Python out of the box be a good fit. This seems to fly in the exact opposite direction: we're explicitly making it so that Python builds on these vendors' platforms will not be the same as you get by checking out the Python source code.

I think we should include the environment variable support in CPython and be done with it (nuke the PEP otherwise). Which is what I've thought from the beginning :)

--David


