On 31 January 2017 at 14:54, Cory Benfield <cory@lukasa.co.uk> wrote:
So C# applications are Windows-native safe on Windows, and are a crapshoot elsewhere. For Java vs Python, I’d say we’re slightly ahead right now.
That's precisely the sort of answer I was after. Many thanks. The additional detail is interesting, but starts being scary again. I think the "advantage" languages like Java has is that no-one really discusses the details - so it seems like things are fine - but it devolves into a "how do we get this to work?" mess if you try to do anything hard. That's not a real advantage, but unfortunately politics often trumps technical accuracy in my area of work :-( (My job is often to make technically correct politically acceptable - who knew that's what "coding" really was?)
Again, the long-term solution to this fix is to allow us to use SChannel and SecureTransport to provide TLS on the relevant platforms. This will also let people use GnuTLS or NSS or whatever other TLS implementations float their boat on other Unices. I’ll be bringing a draft PEP in front of python-dev sometime in the next month to start this work: if you’re interested, I recommend helping out with that process!
That sounds fantastic. I'm not sure how much I'd be able to help, beyond whining "but I don't care about all this, just make it work and make it eeeeasyyyyyy" :-) but I'll certainly watch the discussions and do what I can. Thanks, Paul