[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

Nick Coghlan ncoghlan at gmail.com
Mon Mar 24 09:44:30 CET 2014


On 24 Mar 2014 15:25, "Chris Angelico" <rosuav at gmail.com> wrote:

> As has already been pointed out, this can already happen, but in an
> ad-hoc way. Making it official or semi-official would mean that a
> script written for Debian's "Python 2.7.10" would run on Red Hat's
> "Python 2.7.10", which would surely be an advantage.

And having it break on the official Windows and Mac OS X binaries would
benefit end users, how?

The position I am coming to is that the "enhanced security" release should
be the default one that we publish binary installers for, but we should
also ensure that downstream redistributors can easily do "Python 2.7 with
legacy SSL" releases if they so choose. I'm happier forcing end users to
rely on a redistributor to opt in to a lower security option than I am to
knowingly publish too many additional releases with network security
infrastructure that is (at best) rapidly approaching its use-by date.

Cheers,
Nick.

>
> ChrisA