[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
Paul Moore
p.f.moore at gmail.com
Sun Mar 23 00:54:12 CET 2014
On 22 March 2014 23:49, Donald Stufft <donald at stufft.io> wrote:
> In the case of requests they already have an optional dependency on
> pyopenssl. It's just many people either don't know they should use it, are
> unable to use it, or unwilling to use the python packaging tool chain
> because of its current flaws.
Do they use the new features in the Python 3.x ssl module when it's
available to give the same level of security as having pyopenssl
would, or do they use a "lowest common denominator" (i.e., 2.x
compatible) level of security when using the stdlib? If the latter,
that would be very, very sad.
Paul
More information about the Python-Dev
mailing list