[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
Antoine Pitrou
solipsis at pitrou.net
Sun Mar 23 00:34:37 CET 2014
On Sun, 23 Mar 2014 09:08:29 +1000
Nick Coghlan <ncoghlan at gmail.com> wrote:
> On 23 March 2014 08:53, Ben Darnell <ben at bendarnell.com> wrote:
> > I agree wholeheartedly with the sentiment behind this PEP, but I have
> > concerns about the implementation. If we introduce new APIs into the ssl
> > module then we will see packages and applications that depend on Python
> > 2.7.7+, just like with the introduction of bool in 2.2.1. This will be a
> > mess unless adoption of new Python minor versions is swift and consistent.
> > The PEP says that new features should be testable with feature detection,
> > but how far does that go? The Python 3 NPN interface is a method of
> > SSLContext, which didn't exist in 2.7. Do we backport the entire SSLContext
> > interface in a minor release, or introduce a new NPN interface that is not
> > based on SSLContext just for older Pythons?
>
> The whole thing.
Have you first tried to do it and appreciate the amount of disruption
it would cause?
> It's not just ssl2: you needs os2, random2, ftplib2, poplib2,
> imaplib2, smtplib2. You also run headlong into the problem of a
> complex external dependency on OpenSSL (which the Linux distro
> repackagers currently handle for us).
So are you proposing to backport changes to all these modules too? This
sounds crazy.
Regards
Antoine.
More information about the Python-Dev
mailing list