[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

Ned Deily nad at acm.org
Sat Mar 22 23:39:28 CET 2014

In article 
<CADiSq7czsp1FLv31iZZ01_9aVgyzsC1j6+d2T5AuP2ByU979oA at mail.gmail.com>,
 Nick Coghlan <ncoghlan at gmail.com> wrote:
 > I have just posted a proposal to change the way we treat enhancements
> that relate to Python's support for network security enhancements.


> Open Questions
> ==============
> * What are the risks associated with allowing OpenSSL to be updated to
>   new feature versions in the Windows and Mac OS X binary installers for
>   maintenance releases?

Regarding the python.org binary installers, I think past practice has 
been for us to update third-party libraries as necessary in maintenance 
releases when there is good cause and with the concurrence of the 
release manager, so I don't see this as a big issue.  For the OS X 
binary installer, the issue for OpenSSL has been that we dynamically 
link to the system-supplied OpenSSL libraries and that, for various 
reasons, Apple has deprecated (and frozen at non-current OpenSSL 
releases) the use of those libraries in favor of their own security 
frameworks.  So, for multiple reasons, including the risk that OpenSSL 
may be dropped from an upcoming major release of OS X, we need to start 
supplying our own version with all OS X binary installers.  That's the 
plan regardless of the outcome of this PEP.

 Ned Deily,
 nad at acm.org

More information about the Python-Dev mailing list