[Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)
Barry Warsaw
barry at python.org
Mon Nov 23 21:05:57 EST 2015
On Nov 17, 2015, at 11:44 PM, Nick Coghlan wrote:
>For Debian, Ubuntu and SUSE, their original determinations for the
>relevant CVE were "too intrusive to backport", so folks currently need
>to upgrade to newer versions of those distros to get the improved
>default behaviour:
This is an example of my problem with the tone of PEP 493 (sorry Nick, nothing
personal!). "Improved default behavior"... for whom? It's not improved for
the folks whose applications are broken by changing the default.
Cheers,
-Barry
More information about the Python-Dev
mailing list