[Python-Dev] PEP 466 (round 2): Network security enhancements for Python 2.7
"Martin v. Löwis"
martin at v.loewis.de
Sun Mar 23 09:42:34 CET 2014
Am 23.03.14 08:07, schrieb Nick Coghlan:
> Several significant changes in this revision:
>
> - scope narrowed to just Python 2.7 plus permission for commercial
> redistributors to use the same strategy in their long term support
> releases
Thanks; the rationale is now much clearer, and also indicates yet
another alternative path: fork Python.
The PEP indicates that vendors are likely to fork Python anyway
(as they always did, in a small scale). This could become more official
and coordinated. Create an "enhanced TLS" clone of cpython, and start
applying changes to 2.6, 2.7, and any other branches you consider
relevant. Keep it merged with the cpython code base. This model
has worked for many years for Stackless Python.
Then, vendors have the choice of either releasing from the official
CPython repository, or from the enhanced TLS one. All reasoning on
application-level feature testing still applies: applications would
have to feature-test whether they run on python.org release, or
on an enhanced release.
For Windows in particular, it would be up to ActiveState to decide
whether they build binaries from python.org, or from the enhanced
TLS repo. They could actually opt to provide both, leaving the choice
to users.
Even if this notion of forking is not acceptable, I suggest
that you could still start working on the code in a separate clone,
and the decision on the PEP could be deferred until a proposed
implementation is ready. I see it as a risk of the PEP that the
implementation might not be available before May 2015, in which
case the PEP would become irrelevant.
Regards,
Martin
More information about the Python-Dev
mailing list