[Python-Dev] PEP 466 (round 5): selected network security enhancements for Python 2.7

[Nick Coghlan]

On 26 March 2014 22:05, Donald Stufft <donald at stufft.io> wrote:
> Typo I think:
>
> As in the Python 3 series, the backported ssl.create_default_context() API
> is granted a backwards compatibility exemption that permits the protocol,
> options, cipher and other settings of the created SSL context to be made
>
> made what?

Incomplete edit that I didn't notice until after posting. Fixed in the
web version now, along with the copy & paste error in the list of
hashlib attributes to be backported.

The first two backwards compatibility paragraphs:

=======================
As in the Python 3 series, the backported ssl.create_default_context()
API is granted a backwards compatibility exemption that permits the
protocol, options, cipher and other settings of the created SSL
context to be updated in maintenance releases to use higher default
security settings. This allows them to appropriately balance
compatibility and security at the time of the maintenance release,
rather than at the time of the original feature release.

This PEP does not grant any other exemptions to the usual backwards
compatibility policy for maintenance releases. Instead, by explicitly
encouraging the use of feature based checks, it is designed to make it
easier to write more secure cross-version compatible Python software,
while still limiting the risk of breaking currently working software
when upgrading to a new Python 2.7 maintenance release.
=======================

Cheers,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia