[Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements

Donald Stufft donald at stufft.io
Tue Mar 25 18:18:15 CET 2014


On Mar 25, 2014, at 1:16 PM, Guido van Rossum <guido at python.org> wrote:

> On Tue, Mar 25, 2014 at 9:46 AM, Donald Stufft <donald at stufft.io> wrote:
> 
> On Mar 25, 2014, at 12:35 PM, Guido van Rossum <guido at python.org> wrote:
> [...]
>> 
>> I do note that the PEP seems to have some weasel-words about breaking backward compatibility in the name of security. The phrase "This PEP does not grant Python 2.7 any general exemptions to the usual backwards compatibility policy for maintenance releases" *could* be interpreted to imply that the PEP grants some specific exemptions (regardless of whether that was Nick's intention when he wrote that sentence). I'd like clarity on this; IIRC we've had to make some compatibility-breaking changes in the past for security reasons, but I don't recall the details or how that worked out (whether much code broke and whether that was considered a good or a bad thing).
> 
> I’m pretty sure Nick was just trying to say that the changes made under this PEP still have to be backwards compatible in the sense that APIs can’t change their default behavior and such. In other words we can’t suddenly flip on hostname checking or anything like that.
> 
> Then the words should be clarified (maybe by removing 'general'?). This PEP invites interpretation by future generations so it should be as clear as possible on the intent, to avoid scholarly arguments.
> 
> -- 
> --Guido van Rossum (python.org/~guido)

Yeah, I agree, was just stating what I understand the PEP to be proposing :)


-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
