[Python-buildbots] OpenSSL versions on builders

Chris Angelico rosuav at gmail.com
Mon Sep 4 16:08:38 EDT 2017


On Tue, Sep 5, 2017 at 5:49 AM, Gregory P. Smith <greg at krypto.org> wrote:
> RHEL 7 (the *current* release), Debian Jessie (oldstable) and Ubuntu 14.04
> (old LTS supported in "maintenance" mode until early 2019 -
> https://www.ubuntu.com/info/release-end-of-life) all shipped with 1.0.1
> based OpenSSL. :(
>
> IMNSHO *I still think we should do this to 3.7*.  OpenSSL >=1.0.2 provides
> a much more usable API for modern security standards.  If we set our
> standards based on the most conservative OS distro out there, we're just
> holding ourselves back.

Does that mean that 3.7 won't be easily able to be deployed, even from
source, on the current RHEL? I've generally followed a policy of "use
the stable OS but then altinstall a newer Python if I want one" -
getting the advantage of a dependable OS distro (Debian in my case,
but same diff) while still using the latest Python for my own personal
work. For Debian and Ubuntu, this change will mean that people have to
switch to the latest stable before building Py3.7; for Red Hat, will
people need to install a second OpenSSL? And if so, is that easy or
hard?

Regarding the buildbot specifically: the Angelico bot is currently
running Debian Jessie, and therefore has 1.0.1. I could upgrade that,
but will wait on a decision wrt 3.7 support first - if Python 3.7 is
going to support Jessie, I'll keep the bot on Jessie.

ChrisA

