[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
Paul Moore
p.f.moore at gmail.com
Sun Mar 23 00:23:02 CET 2014
On 22 March 2014 23:07, Donald Stufft <donald at stufft.io> wrote:
> As someone who is deeply biased towards improving the packaging tool chain
> and getting people to use it I think that most people will simply use the
> Stdlib even if a more secure alternative exists. In fact one does exist and I
> still see almost everyone using the stdlib ssl instead of pyopenssl. At best
> they have an optional dependency on it which many people who aren't security
> conscious won't even realize why they should install it.
Windows users typically will not be able to use something like
pyopenssl. It's a complex binary dependency with no wheel on PyPI.
There are no easily locatable wininst installers, even - and those are
messy to use in a virtualenv.
While the stdlib modules may have issues, "depend on pyopenssl" is not
a practical solution for many people.
Paul