[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

Donald Stufft donald at stufft.io
Mon Mar 24 03:34:56 CET 2014


On Mar 23, 2014, at 9:31 PM, Barry Warsaw <barry at python.org> wrote:

> On Mar 24, 2014, at 11:38 AM, Chris Angelico wrote:
> 
>> Easy. Just set PYTHONPATH to import the SEPython [1] lib ahead of the
>> standard lib. Then you can go back to the standard 2.7 (if you want
>> to) by unsetting PYTHONPATH.
>> 
>> It'd be nice if SEPython defined a modified sys.version for clarity,
>> but otherwise, it'd be a vanilla Python 2.7.
> 
> That's certainly more in the direction of what I think is an appropriate
> upstream solution.
> 
> The thing is, there isn't one single "what's best for users" resolution.
> There are many, many competing requirements and I think it will be difficult
> to satisfy everyone.  I'm particularly sensitive to complaints of unexpected
> changes between micro releases.

If it’s too much for a micro release call it 2.8 or 2.9 or something and give it
a super limited scope. Proposals like modifying the sys.path to opt into
the backported things or having an official unofficial stdlib just adds more
things downstream users have to actually test against and more possible
configurations or Pythons.

Right now users have a singular method for determining what the runtime
environment looks like for Python, the version. There are processes around
selecting different Python versions for things, upgrading etc. This isn’t
a new thing for users. Suddenly having to mess with PYTHONPATH or
having to figure out if their distro used the “official stdlib” or the “official
unofficial stdlib” just adds massive confusion.

Things like ssl3 etc are “ok” but less than optimal IMO because one of the
benefits of adding SSLContext and such to Python 2.x is that you can write
code that works in 2.x and 3.x without having to special case 2.7.7 or 2.8
or whatever. However if you just add ssl3 then now you have a third path
through the code that you have to deal with.

> 
> -Barry
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: https://mail.python.org/mailman/options/python-dev/donald%40stufft.io


-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140323/676fb5de/attachment.sig>


More information about the Python-Dev mailing list