Oh, another issue that I forgot to mention--
A fair number of people had no idea that Python wasn't validating TLS before 2.7.9/3.4.3 however as part of the processing of changing that in 2.7.9 a lot of people became aware that Python's before 2.7.9 didn't validate but
On 11 May 2015 10:16 pm, "Robert Kuska"
Python 2.7.9+ does. I worry that if Redhat (or anyone) ships a Python 2.7.9 that doesn't verify by default then they are going to be shipping something which defies the expectations of those users who were relying on the fact that Python 2.7.9+ was supposed to be secure by default now. You're (understandibly) focusing on "I already have my thing running on Python 2.7.8 and I want to yum update and get 2.7.9 and have things not visibly break",
As Robert noted, it would be a matter of updating to a 2.7.5 with more patches backported, rather than rebasing to a newer upstream version. I can make the "do not change the default behaviour relative to the corresponding upstream version" guidance explicit in the PEP, though. Cheers, Nick.