[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

Victor Stinner victor.stinner at gmail.com
Sun Mar 23 10:48:57 CET 2014


Hi,

2014-03-22 22:11 GMT+01:00 Nick Coghlan <ncoghlan at gmail.com>:
> In particular, the exception will apply to:
>
> * the ``ssl`` module
> * the ``hashlib`` module
> * the ``hmac`` module
> * the ``sha`` module (Python 2 only)
> * the components of other networking modules that make use of these modules
> * the components of the ``random`` and ``os`` modules that are relevant to
>   cryptographic applications
> * the version of OpenSSL bundled with the binary installers

The current Python development cycle is too slow to track the latest
security recommendations. Python 2.7 is now very far from Python 3.4,
so backporting so many features is very complex and error-prone.

IMO a third-party module backporting all these security enhancements
would be easy to develop. There are already M2Crypto, cryptography and
PyOpenSSL modules for example. You may reuse them.

The drawback is that applications would be benefit immediately from
this work, they should be modified to use the new module. But usually,
developers who care about security are able to do these modifications.

The PEP is very generic. Can you try to list all missing security
features of old Python versions?

Victor

