[Python-Dev] Python 3.7: Require OpenSSL >=1.0.2 / LibreSSL >= 2.5.3
Brett Cannon
brett at python.org
Sat Jan 13 21:16:53 EST 2018
On Sat, Jan 13, 2018, 14:45 Christian Heimes, <christian at python.org> wrote:
> On 2018-01-13 21:02, Brett Cannon wrote:
> > +1 from me as well for the improved security.
>
> Thanks, Brett!
>
> How should we handle CPython's Travis CI tests? The 14.04 boxes have
> OpenSSL 1.0.1. To the best of my knowledge, Travis doesn't offer 16.04.
> We could either move to container-based testing with a 16.04 container,
> which would give us 1.0.2 Or we could compile our own copy of OpenSSL
> with my multissl builder and use some rpath magic.
>
> In order to test all new features, Ubuntu doesn't cut it. Even current
> snapshot of Ubuntu doesn't contain OpenSSL 1.1. Debian Stretch or Fedora
> would do the trick, though.
>
> Maybe Barry's work on official test container could leveraged testing?
>
My guess is we either move to containers on Travis, see if we can manually
install -- through apt or something -- a newer version of OpenSSL, or we
look at alternative CI options.
-Brett
> Regards,
> Christian
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20180114/9a1d7386/attachment-0001.html>
More information about the Python-Dev
mailing list