[Python-Dev] Supported versions of OpenSSL (original) (raw)

Cory Benfield cory at lukasa.co.uk
Tue Aug 30 18:03:11 EDT 2016

• Previous message (by thread): [Python-Dev] Supported versions of OpenSSL
• Next message (by thread): [Python-Dev] Supported versions of OpenSSL
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 30 Aug 2016, at 16:07, M.-A. Lemburg <mal at egenix.com> wrote:

That was not my point. It's unfortunate that Python depends on a library which is inevitably going to need updates frequently, and which then may have the implication that Python won't compile on systems which don't ship with more recent OpenSSL libs - even if your application doesn't even need ssl at all. Crypto is important to have, but at the same time it's not essentially for everything you do in Python, e.g. you can easily run data analysis scripts or applications without ever touching the ssl module. Yet, a move to require OpenSSL 1.0.2 for Python 3.7 will make it impossible to run such apps on systems that still use OpenSSL 1.0.1, e.g. Ubuntu 14.04 or CentOS 7.

If your application doesn’t need SSL, then you can compile without OpenSSL. I just downloaded and compiled the current tip of the CPython repository on a system with no OpenSSL, and the world didn’t explode, it just printed this:

Python build finished successfully! The necessary bits to build these optional modules were not found: _bz2 _curses _curses_panel
_dbm _gdbm _lzma
_sqlite3 _ssl _tkinter
readline zlib
To find the necessary bits, look in setup.py in detect_modules() for the module's name.

So this user you have considered, who needs Python but not the ssl module, is still well served. The ssl module is not mandatory in CPython, and no-one is proposing that it should be.

But the real question is this: who is this hypothetical user? This user apparently needs the latest CPython, but is entirely unwilling to update literally anything else, including moving to a more recent release of their operating system. They are equipped to compile Python from source, but are apparently unwilling or unable to install a more recent OpenSSL from source. I’m not entirely certain that python-dev should be supporting that user: that user should be contacting their LTS supplier.

Cory

• Previous message (by thread): [Python-Dev] Supported versions of OpenSSL
• Next message (by thread): [Python-Dev] Supported versions of OpenSSL
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list