[Python-Dev] PEP 476: Enabling certificate validation by default!

Stephen J. Turnbull stephen at xemacs.org
Wed Sep 3 04:43:25 CEST 2014

Antoine Pitrou writes:
 > On Tue, 2 Sep 2014 16:47:35 -0700
 > Glyph Lefkowitz <glyph at twistedmatrix.com> wrote:

 > > As we keep saying, this is not a break in backwards
 > > compatibility, it's a bug fix.
 > Keeping saying it doesn't make it magically true.

It's not "magically" true, it is "just" true.  What the hardliners
fail to acknowledge is that this is *not a bug in Python, it's a bug
in the whole system*, and *mostly* in the environment.  Changing
Python will not change the environment, and applications will fail,
with unknown consequences.  Saying they "should" fail *right* now is
bogus when you don't even know what those applications are, or what
other security measures may be in place:

    Now is better than never.
    Although never is often better than *right* now.

On the other hand, I commend the Twisted developers for putting their
values into their code with their reputation on the line.  I hope they
win big with this move!  Shouldn't we all hope for that?


More information about the Python-Dev mailing list