So we have two distinct changes that are proposed here:

1. Support alternative implementations of TLS instead of OpenSSL. In particular this will enable the use of system trust stores for certificates.

2. Implement ABCs and concrete classes to support MemoryBIO, etc., from 3.7.

Supporting system trust stores is a valid security fix for 2.7, and I have no such problem with such changes as long as they are narrowed to this specific change.

But I object to a completely new feature being added to 2.7 to support the implementation of event loop SSL usage. This feature cannot be construed as a security fix, and therefore does not qualify as a feature that can be added to CPython 2.7 at this point in its lifecycle.

The discussion that implementing such new features for 2.7 will improve their adoption for Python 3 is a red herring. We could enumerate many such features, but https://www.python.org/dev/peps/pep-0404/#upgrade-path is rather clear here.

- Jim

On Wed, May 31, 2017 at 10:40 AM, Victor Stinner <victor.stinner@gmail.com> wrote:

2017-05-31 17:45 GMT+02:00 Jim Baker <jim.baker@python.org>:
> Given that this proposed new feature is for 2.7 to support event loop usage
> and not a security fix, I'm -1 on this change. In particular, it runs
> counter to the justification policy stated in PEP 466.

Hum, it seems like the PEP 546 abstract is incomplete. The final goal
of the PEP is to make Python 3 more secure thanks to all goodness of
the PEP 543. The PEP 546 tries to explain why Python 2.7 is blocking
the adoption of the PEP 543 in practice.

Victor