[Python-Dev] Python 3.7: Require OpenSSL >=1.0.2 / LibreSSL >= 2.5.3
Stephen J. Turnbull
turnbull.stephen.fw at u.tsukuba.ac.jp
Tue Jan 16 01:42:50 EST 2018
Matt Billenstein writes:
> In my mind it becomes easier to bundle deps in a binary installer
> across the board (Linux, OSX, Windows) rather than rely on whatever
> version the operating system provides.
Thing is, as Christian points out, TLS is a rapidly moving target.
Every Mac OS or iOS update seems to link to a dozen CVEs for TLS
support. We can go there if we have to, but it's often hard to go
back when vendor support catches up to something reasonable. I think
this is something for Ned and Christian and Steve to negotiate, since
they're the ones who are most aware of the tradeoffs and bear the
costs.
More information about the Python-Dev
mailing list