[Python-Dev] PEP 466 (round 2): Network security enhancements for Python 2.7

Nick Coghlan ncoghlan at gmail.com
Mon Mar 24 22:38:16 CET 2014 

On 25 Mar 2014 04:00, "Nikolaus Rath" <Nikolaus at rath.org> wrote:
>
> Nick Coghlan <ncoghlan at gmail.com> writes:
> > Maintainability
> > ---------------
> >
> > This policy does NOT represent a commitment by volunteer contributors to
> > actually backport network security related changes from the Python 3
series
> > to the Python 2 series. Rather, it is intended to send a clear signal to
> > potential corporate contributors that the core development team are
willing
> > to review and merge corporate contributions that put this policy into
> > effect.
>
> As I understand, at least for smaller patches it is actually more work
> to apply a patch than than to write it. With that in mind, are there
> really sufficient volunteer resources available to review and merge
> these corporate contributions if they come? The issue tracker certainly
> does not lack issues with unreviewed and/or unapplied patches...

At least to start, this would likely be about seeking more upstream time
for existing core contributors.

Beyond that, PEP 462 covers another way for corporate users to give back -
if they want to build massive commercial enterprises on our software, they
can help maintain and upgrade the infrastructure that makes it possible in
the first place.

It's potentially worth reading some of the board candidate statements for
this year, particularly mine and Van's:

https://wiki.python.org/moin/PythonSoftwareFoundation/BoardCandidates2014

The lack of paid development time for CPython compared to similarly
critical projects like the Linux kernel and OpenStack is of grave concern
to me personally from a volunteer burnout perspective, and it was a problem
at least Van and I were already specifically wanting to address over the
next year or so. Over the course of writing the PEP I realised that the
situation with the Python 2 network security modules is a perfect example
of the kinds of problems that the current lack of upstream engagement and
investment can cause.

Cheers,
Nick.

>
>
> Best,
> -Nikolaus
>
> --
> Encrypted emails preferred.
> PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6  02CF A9AD B7F8 AE4E 425C
>
>              »Time flies like an arrow, fruit flies like a Banana.«
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe:
https://mail.python.org/mailman/options/python-dev/ncoghlan%40gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140325/c7852ce2/attachment.html>

More information about the Python-Dev mailing list