[Python-Dev] Python 3.7: Require OpenSSL >=1.0.2
Steve Dower steve.dower at python.org
Tue Jan 16 02:08:54 EST 2018
From my perspective, we can’t keep an OpenSSL-like API and use Windows platform libraries (we could do a requests-like API easily enough, but even urllib3 is painfully low-level).
We have to continue shipping our own copy of OpenSSL on Windows. Nothing to negotiate here except whether OpenSSL releases should trigger a Python release, and I think that decision can stay with the RM.
Good luck solving macOS :o)
Cheers, Steve
Top-posted from my Windows phone
From: Stephen J. Turnbull
Sent: Tuesday, January 16, 2018 17:45
To: Matt Billenstein
Cc: Christian Heimes; python-dev at python.org
Subject: Re: [Python-Dev] Python 3.7: Require OpenSSL >=1.0.2 / LibreSSL >=2.5.3
Matt Billenstein writes:
In my mind it becomes easier to bundle deps in a binary installer across the board (Linux, OSX, Windows) rather than rely on whatever version the operating system provides.
Thing is, as Christian points out, TLS is a rapidly moving target. Every Mac OS or iOS update seems to link to a dozen CVEs for TLS support. We can go there if we have to, but it's often hard to go back when vendor support catches up to something reasonable. I think this is something for Ned and Christian and Steve to negotiate, since they're the ones who are most aware of the tradeoffs and bear the costs.