On Thu, 4 Sep 2014 09:19:56 +1000 Nick Coghlan email@example.com wrote:
Python is routinely updated to bugfix releases by Linux distributions and other distribution channels; you usually have no say over what's shipped in those updates. This is not like changing the major version used for executing the script, which is normally a manual change.
We can potentially deal with the more conservative part of the user base on the redistributor side - so long as the PEP says it's OK for us to not apply this particular change if we deem it appropriate to do so.
So people would believe python.org that they would get HTTPS cert validation by default, but their upstream distributor would have disabled it for them? That's even worse...
Of course, people could read distribution-specific package changelogs, but nobody does that.
2.7.9 is going to be a somewhat "interesting" release that requires careful attention anyway (due to the completion of the PEP 466 backports), so if Guido's OK with it, sure, let's kill the "HTTPS isn't" problem for Python 2 as well.
Possible involuntary breakage due to a large backport is one thing. Deliberate breakage is another.