It looks like there's a consensus being reached, should I create a bpo?
Perhaps first state what seems to be the consensus and invite further comments before going to bpo.
Disclaimer: I'd like to see both:
1. Something on PyPi to help persons who are using ssl on current Python.
2. Something in a future version of Python, that constrains attribute access.
We can do (1) first, and it will help inform (2).