[Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements
Nick Coghlan
ncoghlan at gmail.com
Thu Mar 27 10:32:03 CET 2014
On 27 March 2014 18:02, Stephen J. Turnbull <stephen at xemacs.org> wrote:
> Alex Gaynor writes:
>
> > Here's my proposed list of such featuers:
>
> And suppose that list grows over time? After all, it once was [].
>
> If we go for a feature-by-feature list, that has two more-or-less
> hidden costs. (1) Python-Dev has to specify which ones, and either
> risks a new specification debate in the future, or needs to spend
> time now describing criteria and processes for extending the list.
It's not a hidden cost - it's a deliberately chosen one. Guido was
wary of an open-ended agreement, so by enumerating the precise set of
missing features in Python 2.7 that are causing concern for the
network security folks, we get to address the immediate problem,
without granting permission to backport further arbitrary features
without additional discussion.
> (2) Users may need to worry about the list. (OTOH, as long as the
> list is restricted to features in certain modules, users can choose to
> assume anything in those modules may have changed behavior and that's
> no different from Nick's proposal for them.)
The PEP already specifically advises that cross-version compatible
code use feature detection rather than version checks. For network
security, it's recommended to avoid using the low level modules
directly, anyway - it's much better to use a higher level library like
requests, to reduce the number of places where we need to get the
security design right.
Cheers,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
More information about the Python-Dev
mailing list