On Thu, 4 Sep 2014 13:11:38 +1000 Nick Coghlan email@example.com wrote:
That leaves Python 2.7, and I have to say I'm now persuaded that a backport (including any required httplib and urllib features) is the right way to go. One of the tasks I'd been dreading as a follow-on from PEP 466 was organising the code audit to make sure our existing Python 2 applications are properly configuring SSL. If we instead change Python 2.7.9 to validate certificates by default, then the need to do that audit *goes away*, replaced by the far more mundane tasking of doing integration testing on 2.7.9, which we'd have to do *anyway*.
What are "our existing Python 2 applications"? Is it a Red Hat-specific statement? What is the "code audit" you are talking about?