[Python-Dev] PEP 466 (round 5): selected network security enhancements for Python 2.7
Brett Cannon
bcannon at gmail.com
Wed Mar 26 15:26:18 CET 2014
On Wed Mar 26 2014 at 8:02:08 AM, Nick Coghlan <ncoghlan at gmail.com> wrote:
> Guido and Antoine persuaded me that selective backports would be a
> better idea for the network security enhancements than the wholesale
> module backports previously suggested, while Alex and Donald provided
> the necessary additional details, so here's a revised version of the
> PEP. Despite making it more explicit, I deleted more lines than I
> added, strongly suggesting that switching to selective backports was
> the right call :)
>
> I dealt with the SSL module the way Donald suggested: excluding the
> RAND_* functions, rather than listing everything else.
>
> I also changed the headings to make it clear the listed alternatives
> were rejected ideas, made the footnotes a bit more readable, and
> tidied up the wording in a few places.
>
> Diff: http://hg.python.org/peps/rev/8527f6e2beb0
> Web: http://www.python.org/dev/peps/pep-0466/
>
> ==========================
> PEP: 466
> Title: Network Security Enhancement Exception for Python 2.7
> Version: $Revision$
> Last-Modified: $Date$
> Author: Nick Coghlan <ncoghlan at gmail.com>,
> Status: Draft
> Type: Informational
> Content-Type: text/x-rst
> Created: 23-Mar-2014
> Post-History: 23-Mar-2014, 24-Mar-2014, 25-Mar-2014, 26-Mar-2014
>
[SNIP]
> Exemption Policy
> ================
>
> Under this policy, the following features SHOULD be backported from Python
> 3.4 to the upcoming Python 2.7.7 maintenance release:
>
> * in the ``os`` module:
>
> * persistent file descriptor for ``os.urandom()``.
>
> * in the ``hmac`` module:
>
> * constant time comparison function (``hmac.compare_digest()``).
>
> * in the ``hashlib`` module:
>
> * password hashing function (``hashlib.pbkdf2_hmac()``).
> * details of hash algorithm availability (``hashlib.algorithms_
> guaranteed``
> and ``hashlib.algorithms_guaranteed``).
>
You said algorithms_guaranteed twice. I assume that wasn't for emphasis. =)
I'm +1 on this version of the PEP.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140326/e83d5207/attachment-0001.html>
More information about the Python-Dev
mailing list