[Python-Dev] Python 2.7.7. on Windows

Wed Apr 30 06:17:54 CEST 2014

On 29 April 2014 17:02, Stefan Krah <stefan-usenet at bytereef.org> wrote:
> Mike Miller <python-dev at mgmiller.net> wrote:
>> I have to say I'm a bit baffled.  I expected disagreement, but
>> didn't expect that multiple reasons against would be made up
>> seemingly at random?  I and a company I work for (that distributes
>> Py) have been installing Python to ProgramFiles for almost a decade,
>> and can assure that none of those things you mention have yet
>> happened.
>
> Relax, I don't think Steve is making things up.  That said, I can confirm
> what you wrote:  I've always installed Python to "Program Files" and I've
> never had any issues (then again, I'm mostly using Linux).

It's important to note that the feature backport exceptions in the
network security enhancements PEP were granted specifically because
they had security implications *beyond* the specific systems and
applications still running Python 2.7. Unfortunately, I lost some of
that rationale when I trimmed it down to the more specific proposal:

==============================
The key requirement for a feature to be considered for inclusion in this
policy is that it must have security implications *beyond* the specific
application that is written in Python and the system that application is
running on. Thus the focus on network security protocols, password storage
and related cryptographic infrastructure - Python is a popular choice for
the development of web services and clients, and thus the capabilities of
widely used Python versions have implications for the security design of
other services that may themselves be using newer versions of Python or
other development languages, but need to interoperate with clients or
servers written using older versions of Python.

The intent behind this requirement is to minimise any impact that the
introduction of this policy may have on the stability and compatibility of
maintenance releases. It would be thoroughly counterproductive if end
users became as cautious about updating to new Python 2.7 maintenance
releases as they are about updating to new feature releases within the
same release series.
==============================

I'll find a place to add that back in (not tonight, though), since
it's an important part of the reason Mike's suggested installer
changes are *not* remotely in scope for 2.7.7. However,  that's
currently not obvious to folks that have only read the final version
of the PEP, and didn't see the earlier more open ended versions that
included that text.

Cheers,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia