[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
Eric V. Smith
eric at trueblade.com
Sun Mar 23 16:40:57 CET 2014
On 3/23/2014 11:37 AM, Donald Stufft wrote:
>
> On Mar 23, 2014, at 11:34 AM, Antoine Pitrou <solipsis at pitrou.net> wrote:
>
>> On Sun, 23 Mar 2014 07:29:07 +0000
>> Cory Benfield <cory at lukasa.co.uk> wrote:
>>> This is an interesting idea. My biggest problem with it is that, at least
>>> with the ssl library, these aren’t server-only problems. If we suggest that
>>> they are, we end up in the same position we’re in right now (that is, hurting
>>> the internet).
>>>
>>> For example, Python 2.7’s ssl module lacks the OP_NO_COMPRESSION option for
>>> OpenSSL,
>>
>> This is easy to change in a bugfix release, though. Someone just has to
>> open an issue and write a patch.
>
> I already did open an issue and write a patch :)
>
> There’s someone on that issue saying that flipping that without a way to flip it back
> would break their application.
http://bugs.python.org/issue20994, if anyone is looking for it.
Eric.
More information about the Python-Dev
mailing list