[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

Victor Stinner victor.stinner at gmail.com
Sun Mar 23 11:31:12 CET 2014


Hi,

2014-03-23 11:17 GMT+01:00  <martin at v.loewis.de>:
> Quoting Victor Stinner <victor.stinner at gmail.com>:
>> The drawback is that applications would be benefit immediately from
>> this work, they should be modified to use the new module. But usually,
>> developers who care about security are able to do these modifications.
>
> I think asking developers to make significant modifications to their
> code is beside the point of the PEP.

I expect something like replacing "import ssl" with "from safestdlib
import ssl", same for other modules.

FYI I backported some Python 3.3 modules for Python 2.7 for my
Trollius project, and it was not so hard. For ssl.SSLContext, it's an
empty class, it's just a wrapper to ssl.wrap_socket() which raises
errors when unsupported features are used.
http://trollius.readthedocs.org/#backports

I wrote Trollius to port OpenStack to Python 3, not to defer the port :-)

> However, if they are willing
> to make changes, I'd still recommend that they port their code to
> Python 3, as that is the better long-term investment.

It's not always possible. For example, the OpenStack project still has
+30 dependencies which are not Python 3 compatible yet.
https://wiki.openstack.org/wiki/Python3#Dependencies

We are porting these dependencies, but it may still take one year to
port the whole OpenStack project to Python 3. Come to help us :)

Sorry, it's maybe not fair to take the worst example (OpenStack) :-)

Victor
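
The kind of backport shim the message describes (an SSLContext-like class that forwards to a wrap_socket()-style function and raises on features it cannot provide), as an added example that is not part of the original post and is not Trollius code. The class name `LegacySSLContext` and the injectable `legacy_wrap` parameter are hypothetical; the point shown is that unsupported security features are refused rather than silently ignored.

```python
import ssl

class LegacySSLContext:
    """Hypothetical SSLContext stand-in built on a wrap_socket()-style function."""

    def __init__(self, protocol, legacy_wrap=None):
        # legacy_wrap is injectable (assumption of this example) so the shim can
        # be exercised on interpreters where ssl.wrap_socket() no longer exists.
        self._wrap = legacy_wrap or getattr(ssl, "wrap_socket", None)
        if self._wrap is None:
            raise NotImplementedError("no wrap_socket()-style function available")
        self.protocol = protocol
        self.verify_mode = ssl.CERT_NONE
        self._certfile = self._keyfile = self._cafile = None

    @property
    def check_hostname(self):
        return False

    @check_hostname.setter
    def check_hostname(self, value):
        # The legacy call cannot match the peer name: refuse instead of ignoring.
        if value:
            raise NotImplementedError("hostname checking is not supported")

    def load_cert_chain(self, certfile, keyfile=None):
        self._certfile, self._keyfile = certfile, keyfile

    def load_verify_locations(self, cafile=None, capath=None, cadata=None):
        if capath is not None or cadata is not None:
            raise NotImplementedError("only cafile is supported")
        self._cafile = cafile

    def wrap_socket(self, sock, server_side=False, server_hostname=None):
        if server_hostname is not None:
            raise NotImplementedError("SNI (server_hostname) is not supported")
        if self.verify_mode != ssl.CERT_NONE and self._cafile is None:
            raise ValueError("verify_mode needs load_verify_locations(cafile=...)")
        # Keyword names follow the signature of the legacy ssl.wrap_socket().
        return self._wrap(sock, keyfile=self._keyfile, certfile=self._certfile,
                          server_side=server_side, cert_reqs=self.verify_mode,
                          ssl_version=self.protocol, ca_certs=self._cafile)
```
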
