[Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements
Nick Coghlan
ncoghlan at gmail.com
Tue Mar 25 23:35:37 CET 2014
On 26 Mar 2014 00:25, "Paul Moore" <p.f.moore at gmail.com> wrote:
>
> On 25 March 2014 13:47, Nick Coghlan <ncoghlan at gmail.com> wrote:
> > It's not like we're going to just be giving the PEP to vendors as a
spec and
> > leaving them to it - it's largely an invitation to participate more
directly
> > upstream to help resolve a particularly thorny problem, not a Statement
of
> > Work :)
>
> :-)
>
> I don't really know the APIs involved, but AIUI one of the 3.4
> enhancements is exposing the SSLContext. Is the code to do this
> compatible with the version of OpenSSL bundled with Python 2.7 on
> Windows? If not, suppose that Red Hat provide resources that work on
> backporting the code, but they don't have Windows experts so no-one
> deals with integrating the new OpenSSL into the Windows binaries.
> Would the backport be blocked until someone is found to do the Windows
> work?
We'll get it done. For example, while *I* definitely approach the problem
from a Linux vendor perspective (and that's reflected in the PEP), I also
know several folks at Rackspace have expressed concern about the status
quo, and the client side of OpenStack is cross platform.
> This "I've written a patch but it hasn't been applied" is the type of
> scenario that puts people off contributing. If it's likely to happen,
> I think Red Hat have a right to know that in advance. And I don't know
> that it's something they would appreciate without python-dev pointing
> it out. If we're reasonably sure (not necessarily certain, there's
> always grey areas) that this isn't going to be an issue, then that's
> also fine. We can simply say that.
Yeah, I think we can make sure the right folks are involved to make it
happen. The PEP is about me getting agreement in advance that we actually
want to see the problem fixed, and the constraints we want to impose on the
solution.
Once we have that agreement, I won't be sitting around idly *waiting* for
assistance to magically appear - I'll go looking for it, and I know there
are others that will do the same :)
> That's all I'm saying. Not trying to require anything of contributors,
> just trying to be open and explicit about the criteria that will apply
> to accepting contributions.
I won't expect Linux folks to fix Windows problems (as that rarely works
well). If the PEP is accepted, I *will* ensure we get the policy
implemented on all supported platforms for 2.7.7+ by getting appropriate
people involved (and will also work on securing the appropriate longer term
support commitments).
Cheers,
Nick.
>
> Paul.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140326/8749669d/attachment.html>
More information about the Python-Dev
mailing list