[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
Antoine Pitrou
solipsis at pitrou.net
Mon Mar 24 17:10:23 CET 2014
On 24/03/2014 15:21, R. David Murray wrote:
>
> In the context of that last sentence, I think it is worth noting the
> stance that 3.4 is taking[*] about security backward compatibility,
> since many people may not be aware of it (we only just finished making
> the documentation clear).
>
> If you use create_default_context() to get your context object, you get a
> "best practices" level of security *that may change between maintenance
> releases*. If you want things to not change between maintenance releases,
> you create your own context object and set its controls appropriately.

Indeed. Note that this works because create_default_context() is a new
API, hence it was ok to choose this particular maintenance policy.
Maintenance policy of 3.4 as a whole (i.e. all other APIs) hasn't changed.

(but some other aspects of SSL configuration, e.g. the default cipher
list, are also amenable to changes in bugfix releases, as Donald's latest
commits exemplify; in this case it should stay within the limits of
reasonable backwards compatibility, i.e. not break any common use case)

Regards
Antoine.
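
The two options described in the quoted text, as an added example that is not part of the original message: a context from create_default_context(), whose settings may change between maintenance releases, next to an explicitly configured one, with a snapshot/diff helper to see where they differ. The helper names, the cipher string and the TLS floor are assumptions chosen for illustration, and minimum_version/TLSVersion are Python 3.7+ APIs that postdate the 3.4 release under discussion.

```python
import ssl

# Assumption: illustrative pinned values, not recommendations from the thread.
PINNED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20"
PINNED_MIN_VERSION = ssl.TLSVersion.TLSv1_2


def pinned_client_context():
    """Explicitly configured context: changes only when this code changes."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = PINNED_MIN_VERSION
    ctx.set_ciphers(PINNED_CIPHERS)  # applies to TLS 1.2 and below
    ctx.load_default_certs()
    return ctx


def snapshot(ctx):
    """Collect the security-relevant settings of a context for comparison."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "minimum_version": ctx.minimum_version.name,
        "options": int(ctx.options),
        "ciphers": sorted(c["name"] for c in ctx.get_ciphers()),
    }


def drift(baseline, current):
    """Return the setting names whose values differ between two snapshots."""
    return sorted(k for k in baseline if baseline[k] != current.get(k))


if __name__ == "__main__":
    default = snapshot(ssl.create_default_context())
    pinned = snapshot(pinned_client_context())
    # Which settings the interpreter's current defaults set differently
    # from the pinned configuration.
    print("default differs from pinned in:", drift(pinned, default))
```

Storing the snapshot of the default context and re-running drift() after an interpreter upgrade shows which defaults a maintenance release changed.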