I think the PEP is a good step forward to compromise between the crypto purists (use whatever technologies make us more secure even if it breaks things) and those who cannot upgrade their Python 2.7 because of the PEP 476 change, since it causes their applications to fail (e.g. because the embedded devices they want to interface to only support self-signed certs).
I would still find having built-in support for the recommendations in the Python stdlib a better approach, but PEP 493 is good enough in at least solving real problems people are having.
PS: Would be great to have a PyPI package which implements these recommendations so that you can simply add it as a dependency - and then please for Python 3 as well, since people with embedded devices will want to be able to use Python 3 as well ;-)
On 24.11.2015 15:27, Laura Creighton wrote:
In a message of Tue, 24 Nov 2015 14:05:53 +0000, Paul Moore writes:
Simply adding "people who have no control over their broken infrastructure" with a note that this PEP helps them, would be sufficient here (and actually helps the case for the PEP, so why not? ;-))
But does it help them? Or does it increase the power of those who hand out certificates and who are intensely security conscious over those who would like to get some work done this afternoon?
Laura