On 10 June 2017 at 09:56, Benjamin Peterson <benjamin@python.org> wrote:
The reason we're having this conversation at all is probably a matter of timing. If MemoryBIO was in Python 3 when PEP 466 was accepted, it surely would have come along for the ride to 2.7. I believe PEP 466 is generally considered to have produced positive results. PEP 546, carrying no breaking changes, is less risky than PEP 466.
The reluctance to bend 2.7 rules is healthy. This PEP is part of the price we pay, though, for making a backwards-incompatible release. The security landscape has and will change over the 10+ python-dev-supported life span of 2.7. During that time, we have an obligation to keep Python 2 secure. Part of that is supporting modern security interfaces, which are features. This change is needed to make another stdlib feature, ensurepip (which is itself yet another 2.7.x backport) work well.
Therefore, as 2.7 release manager, I'm accepting the PEP.
Thanks Benjamin. I was just about to post in the other thread to say I thought this was the right way to go, as I think our experience with PEP 476 (the switch to validating HTTPS certificates by default) is illustrative here: we (Red Hat) technically *didn't* backport that PEP as originally written into RHEL (and hence into CentOS etc). Instead, we had folks primarily from Red Hat, eGenix, and Canonical figure out the variant covered in PEP 493 that eventually became the system Python behaviour in RHEL 7.3+. So even if we eventually decide we can't backport PEP 546 into the RHEL system Python as written: - it will still be in Ubuntu 18.04+ - it will still make its way into future versions of other long term support distributions (whether community driven or commercial) - it will still make its way into Red Hat Software Collections at some point - we're still free to write a follow-up PEP for an opt-in _ssl_backport bootstrapping module if/when there's a clearer benefit to justify the additional effort Cheers, Nick. -- Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia