[Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

Nick Coghlan ncoghlan at gmail.com
Mon Nov 23 19:18:50 EST 2015


On 24 November 2015 at 05:35, Christian Heimes <christian at python.org> wrote:
> On 2015-11-17 01:00, Guido van Rossum wrote:
>> Hm, making Christian the BDFL-delegate would mean two out of three
>> authors *and* the BDFL-delegate all working for Red Hat, which clearly
>> has a stake (and IIUC has already committed to this approach ahead of
>> PEP approval). So then it would look like this is just rubber-stamping
>> Red Hat's internal decision process (if it's a process -- sounds more
>> like an accident :-).
>>
>> So, Alex, do you want to approve this PEP?
>
> I haven't read this thread until now. Independently from your objection
> I have raised the same concern with Nick today. I'd be willing to BDFL
> the PEP but I'd rather have somebody outside of Red Hat.

Likewise, but the intersection between "wants to get PEP 476 into the
hands of as many system operators as possible as soon as possible",
"is a CPython core developer", and "doesn't work for Red Hat" is
looking to be a rather select group :)

Since we already know Red Hat are OK with the draft recommendations,
and I missed the RHEL 7.2 release date anyway, perhaps Barry or
Matthias might be interested in tilting at the Ubuntu 14.04 LTS stable
release update windmill? I know there was previously a decision from
Ubuntu Security not to backport PEPs 466 & 476 to 2.7.5 due to the
stability risks [1], but the configuration file based approach
recommended in PEP 493 is backwards compatible by default, with the
decision to opt in to the improved settings after upgrading current
systems being made by system administrators rather than the distro
vendor. With around 3 1/2 years still to run on 14.04's support
lifecycle, that has the potential to reach quite a few systems that
otherwise wouldn't benefit from the change until well after Ubuntu
16.04 is released next year.

Regards,
Nick.

[1] http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9365.html

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

