[Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements

"Martin v. Löwis" martin at v.loewis.de
Tue Mar 25 19:29:30 CET 2014


Am 25.03.14 14:47, schrieb Nick Coghlan:
> The PEP says to sync with Python 3, and that has full cross platform
> support. The Linux focus just comes from the fact that Linux is where
> the problem is most evident.

However, it fails to address a critical detail: the upcoming maintenance
end for 2.7. This makes it less platform-agnostic
than you say: For Linux, many users rely on the system vendor
to provide Python binary, and they may chose to continue improving
the backported APIs even after python-dev's maintenance ends.
OTOH, for Windows, most users rely on the binaries from python.org,
which will stop evolving in May 2015. Of course, there is still
ActiveState, but there isn't the same kind of vendor choice that
you see for Linux.

So I think the PEP should make it clear whether:
a) you expect that the maintenance period for Python 2.7 is to
   be extended beyond 2015,
b) you expect that the backports will evolve in the years to come,
   or whether this will be a one-shot activity
c) and if the answer to b was "will evolve", whether you expect this
   will create forks of 2.7 after maintenance has ended (as the
   then-security-only 2.7 branch won't see any further improvement
   to the backport, according to the PEP)

Regards,
Martin




More information about the Python-Dev mailing list