[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

Ned Deily nad at acm.org
Sat Mar 22 23:39:28 CET 2014


In article 
<CADiSq7czsp1FLv31iZZ01_9aVgyzsC1j6+d2T5AuP2ByU979oA at mail.gmail.com>,
 Nick Coghlan <ncoghlan at gmail.com> wrote:
> I have just posted a proposal to change the way we treat enhancements
> that relate to Python's support for network security enhancements.

+1

[...]
> Open Questions
> ==============
> 
> * What are the risks associated with allowing OpenSSL to be updated to
>   new feature versions in the Windows and Mac OS X binary installers for
>   maintenance releases?

Regarding the python.org binary installers, I think past practice has 
been for us to update third-party libraries as necessary in maintenance 
releases when there is good cause and with the concurrence of the 
release manager, so I don't see this as a big issue.  For the OS X 
binary installer, the issue for OpenSSL has been that we dynamically 
link to the system-supplied OpenSSL libraries and that, for various 
reasons, Apple has deprecated (and frozen at non-current OpenSSL 
releases) the use of those libraries in favor of their own security 
frameworks.  So, for multiple reasons, including the risk that OpenSSL 
may be dropped from an upcoming major release of OS X, we need to start 
supplying our own version with all OS X binary installers.  That's the 
plan regardless of the outcome of this PEP.

-- 
 Ned Deily,
 nad at acm.org


