On 4 Sep 2014 04:39, "Antoine Pitrou" <solipsis@pitrou.net> wrote:
>
> On Wed, 3 Sep 2014 10:54:55 -0700
> Guido van Rossum <guido@python.org> wrote:
> >
> > Let's take the plunge on this issue for the next 2.7 release (3.5 being a
> > done deal).
>
> I'm entirely against this.
>
> > Yes, some people will find that they have an old script
> > accessing an old service which breaks. Surely some of the other changes in
> > the same 2.7 bugfix release will also break some other scripts. People deal
> > with it. Probably 90% of the time it's an annoyance (but no worse than any
> > other minor-release upgrade -- you should test upgrades before committing
> > to them, and if all else fails, roll it back).
>
> Python is routinely updated to bugfix releases by Linux distributions
> and other distribution channels, you usually have no say over what's
> shipped in those updates. This is not like changing the major version
> used for executing the script, which is normally a manual change.

We can potentially deal with the more conservative part of the user base on the redistributor side - so long as the PEP says it's OK for us to not apply this particular change if we deem it appropriate to do so.

That would make this a case of upstream asking us to do the kind of risk assessment that people pay us for, which is a kind of request I'm generally happy to get :)

That way, if downstream users get upset, we can point them at their vendor support department, rather than having them take out their ire on upstream volunteers.

Also, after thinking through the implications a bit more, my guess is that Fedora & Software Collections will accept the change without any fuss, but the CentOS/RHEL side could be a more involved discussion. On the other hand, orgs with these kinds of problems aren't likely to have rolled out RHEL 7 or CentOS 7 yet either, so they're probably still back on Python 2.6 (RHEL 6) or even 2.4 (RHEL 5).

2.7.9 is going to be a somewhat "interesting" release that requires careful attention anyway (due to the completion of the PEP 466 backports), so if Guido's OK with it, sure, let's kill the "HTTPS isn't" problem for Python 2 as well.

One additional wrinkle in that case: we will likely need to backport the SSLContext related changes to httplib as well.

Cheers,
Nick.