[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
Cory Benfield
cory at lukasa.co.uk
Tue Mar 25 10:35:34 CET 2014
On 25 March 2014 09:01, Chris Angelico <rosuav at gmail.com> wrote:
> So by that model, current 2.7 is fully compliant, and anything that
> doesn't actively conflict with that is also compliant. Any script that
> is written for the current 2.7 is guaranteed also to run on any
> compliant SEPython; and anything written for SEPython has to
> gracefully handle (which might mean cleanly bombing) anything down to
> and including current 2.7. Does that make sense?
Absolutely. =) My additional concern on top of that is wanting users
to fall into a pit of success by making it overwhelmingly more likely
that users will accidentally end up with the safe version if they
aren't paying attention. I'm not hugely bothered about how that's
done: I'd just like not to have to field Requests bug reports about
lack of security that boil down to a user having grabbed the insecure
version by accident.
More information about the Python-Dev
mailing list