[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
Donald Stufft
donald at stufft.io
Sun Mar 23 02:30:17 CET 2014
On Mar 22, 2014, at 8:55 PM, Nick Coghlan <ncoghlan at gmail.com> wrote:
> Moving the affected modules out of the standard library proper and
> bundling the critical ones along with pip instead is indeed another
> alternative. However, that approach introduces additional issues of
> its own - I'll cover some of them in the next PEP update, but it would
> be good to have someone explicitly trying to make the case that a PyPI
> backport would be simpler for the overall ecosystem than my suggested
> approach.
FWIW pip as of right now has a policy of no C dependencies outside of the
stdlib. CPython isn’t our only target and C dependencies don’t work very
well on PyPy (if at all) and it makes the situation much more difficult on
platforms where there are no compiler toolchains (Windows).
-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140322/140ff509/attachment-0001.sig>
More information about the Python-Dev
mailing list