[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

"Martin v. Löwis" martin at v.loewis.de
Sat Mar 22 23:14:19 CET 2014


On 22.03.14 22:11, Nick Coghlan wrote:

> Title: Network Security Enhancement Exception for All Branches

I'm -0 on the general idea, and -1 on the inclusion of the 2.7 branch
into the policy.

The PEP trades security concerns against stability and maintainability.
I see a maintenance threat coming out of it: existing installations will
fail to operate after updating Python and some support libraries. Bug
fix releases ought to focus on maintenance much more than moving along
with general security threats. Software that ages needs to be retired,
instead of trying to fix it endlessly (which is a futile exercise,
anyway). Everybody knows it, and has accepted it, so why should we fight
what seems to be a fundamental law of software evolution?

In the specific case of 2.7, I am hoping that we retire the branch soon.
If so, it would be counter-productive to backport the current features
to 2.7. They are still in progress, and users wouldn't be helped with
getting a new feature in just the final bug fix release of 2.7, with no
chance of then getting updates of the same feature, as there won't be
any further bugfix releases.

Finally, doing this in the 2.7 branch likely involves more effort
than I'm personally willing to provide.

Regards,
Martin


