No. Providing the security that the user originally asked for is not a "backwards incompatible change". It is a bug fix. And believe me: I care a _LOT_ about reducing barriers to migration. This would not be on my list of the top 1000 things that make migration difficult.
On 3 Sep 2014 08:18, "Alex Gaynor" <firstname.lastname@example.org> wrote:
> Antoine Pitrou <solipsis <at> pitrou.net> writes:
> > And how many people are using Twisted as an HTTPS client?
> > (compared to e.g. Python's httplib, and all the third-party libraries
> > building on it?)
> I don't think anyone could give an honest estimate of these counts, however
> there's two factors to bare in mind: a) It's extremely strongly recommended to
> use requests to make any HTTP requests precisely because httplib is negligent
> in certificate and hostname checking by default, b) We're talking about
> Python3, which has fewer users than Python2.
Creating *new* incompatibilities between Python 2 & Python 3 is a major point of concern. One key focus of 3.5 is *reducing* barriers to migration, and this PEP would be raising a new one.
It's a change worth making, but we have time to ensure there are easy ways to do things like skipping cert validation, or tolerate expired certificates.