[Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements

Guido van Rossum guido at python.org
Tue Mar 25 18:16:21 CET 2014


On Tue, Mar 25, 2014 at 9:46 AM, Donald Stufft <donald at stufft.io> wrote:

>
> On Mar 25, 2014, at 12:35 PM, Guido van Rossum <guido at python.org> wrote:
> [...]
>
> I do note that the PEP seems to have some weasel-words about breaking
> backward compatibility in the name of security. The phrase "This PEP does
> *not* grant Python 2.7 any general exemptions to the usual backwards
> compatibility policy for maintenance releases" *could* be interpreted to
> imply that the PEP grants some *specific* exemptions (regardless of
> whether that was Nick's intention when he wrote that sentence). I'd like
> clarity on this; IIRC we've had to make some compatibility-breaking changes
> in the past for security reasons, but I don't recall the details or how
> that worked out (whether much code broke and whether that was considered a
> good or a bad thing).
>
>
> I'm pretty sure Nick was just trying to say that the changes made under
> this PEP still have to be backwards compatible in the sense that APIs can't
> change their default behavior and such. In other words we can't suddenly
> flip on hostname checking or anything like that.
>

Then the words should be clarified (maybe by removing 'general'?). This PEP
invites interpretation by future generations so it should be as clear as
possible on the intent, to avoid scholarly arguments.

-- 
--Guido van Rossum (python.org/~guido)