[Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7 (original) (raw)

Barry Warsaw barry at python.org
Wed May 31 17:08:34 EDT 2017

• Previous message (by thread): [Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7
• Next message (by thread): [Python-Dev] Put token information in one place
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On May 31, 2017, at 02:09 PM, Jim Baker wrote:

But I object to a completely new feature being added to 2.7 to support the implementation of event loop SSL usage. This feature cannot be construed as a security fix, and therefore does not qualify as a feature that can be added to CPython 2.7 at this point in its lifecycle.

The other problem with this is that there isn't just one CPython 2.7, there are many. It's likely that most people get their Python from whatever distribution/package manager they use. Looking at active Ubuntu/Debian releases you can see Python 2.7's from 2.7.3 to 2.7.13. Few if any of those will get the new feature backported, so that makes it difficult to rely on them being present.

I agree with Jim that it makes sense to backport security fixes. Usually those are more well contained, and thus easier to cherry pick into stable releases. New features are much tougher to justify the potential for regressions.

Cheers, -Barry

• Previous message (by thread): [Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7
• Next message (by thread): [Python-Dev] Put token information in one place
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list