[pypy-dev] pypy 5.10 release

Alex Gaynor alex.gaynor at gmail.com
Wed Jan 3 18:51:21 EST 2018


If PyPy releases include a copy of OpenSSL (or LibreSSL) then we need to be
in the business of issuing new releases whenever upstream has a security
release; we can't be shipping people OpenSSLs with known security issues.

Of LibreSSL and OpenSSL, I'd choose to ship OpenSSL -- I've found LibreSSL
fairly frustrating to work with and OpenSSL upstream has been considerably
cleaned up in past years.

Alex

On Wed, Jan 3, 2018 at 12:06 PM, Nathaniel Smith <njs at pobox.com> wrote:

> On Jan 3, 2018 02:17, "Matt Billenstein" <matt at vazor.com> wrote:
>
> So, I think updating LibreSSL branches every 6-12 months and using the latest
> point release for a new pypy release is probably a good plan.
>
>
> BTW you should consult your local cryptographic engineer – I guess that's
> probably Alex Gaynor? – before deciding between LibreSSL and OpenSSL. I
> don't have any first hand experience here myself, but my second hand
> impression is that LibreSSL does not have a good reputation.
>
> -n


-- 
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: D1B3 ADC0 E023 8CA6