[Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)
Toshio Kuratomi
a.badger at gmail.com
Thu Nov 26 23:02:58 EST 2015
On Nov 26, 2015 4:53 PM, "Nick Coghlan" <ncoghlan at gmail.com> wrote:
>
> On 27 November 2015 at 03:15, Barry Warsaw <barry at python.org> wrote:
>
> > Likewise in Ubuntu, we try to keep deviations from Debian at a minimum,
and
> > document them when we must deviate. Ubuntu is a community driven
distro so
> > while Canonical itself has customers, it's much more likely that
feedback
> > about the Python stack comes from ordinary users. Again, my personal
goal is
> > to make Python on Ubuntu a pleasant and comfortable environment, as
close to
> > installing from source as possible, consistent with the principles and
> > policies of the project.
>
> I'd strongly agree with that description for Fedora and
> softwarecollections.org, but for the RHEL/CentOS system Python I think
> the situation is slightly different: there, the goal is to meet the
> long term support commitments involved in being a base RHEL package.
> As the nominal base version of the package (2.7.5 in the case of RHEL
> 7) doesn't change, there is naturally going to be increasing
> divergence from the nominal version.
I think the goal in rhel/centos is similar, actually. The maintenance
burden for non upstream changes has been acknowledged as a problem to be
avoided by rhel maintainers before. The caveat for those distributions is
that they accumulate more *backports*.
However, backports are easier to maintain than non upstream changes. The
test of the upstream community helps to find and fix bugs in the code; the
downstream maintainer just needs to stay aware of whether fixes are going
into the code they've backported.
> I tried to go down the "upstream first" path with a properly supported
> "off switch" in PEP 476, and didn't succeed (hence the monkeypatch
> compromise). It sounds like several folks would like to see us revisit
> that decision, though.
>
That's the rub. If there's now enough support to push this upstream I
think everyone downstream will be happier. If it turns out there's still
enough resistance to keep it from upstream then I suppose you cross that
bridge if it becomes necessary.
-Toshio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20151126/2758d689/attachment.html>
More information about the Python-Dev
mailing list