[Security-sig] Pending security features for 3.6

[Nick Coghlan]

On 16 August 2016 at 03:12, Christian Heimes <christian at python.org> wrote:
> Hi,
>
> (2nd attempt, first mail didn't make it)
>
> I have a bunch of tickets with security-related improvements or features
> for Python 3.6. Most of the tickets come with patches and tests. Some of
> the patches might be outdated or conflict with tip. I have branches on
> my private github fork for all patches.
>
> Please review the patches and decide which features you like to include
> in future releases.

I think they all make sense for Python 3.6 - while I acknowledge the
maintainability concerns raised on python-dev with the expansion of
security related features, I also think that's an ongoing
sustainability problem we need to tackle by getting commercial
redistributors to better earn their support fees, rather than refusing
to allow the work to be done in the interim.

For Python 3.5 and 2.7, we're probably due for a successor to PEP 466
that syncs the ssl support in those versions with the 3.6 version of
the module - that should hopefully be less controversial this time
around.

Cheers,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia