[Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

Barry Warsaw barry at python.org
Thu Nov 26 11:48:43 EST 2015


On Nov 26, 2015, at 02:13 PM, Nick Coghlan wrote:

>PEP 476 rejected providing a public indefinitely maintained API for this, so
>PEP 493 is specifically about helping commercial redistributors offer a
>smoother transition plan to customers without affecting the public Python
>level API, and without encouraging a plethora of mutually incompatible
>transition schemes.

Of course, the API would only have to be support for the life of 2.7; it would
never go in 3.x so the burden is minimal.

>PEP 493 isn't about attempting to rehash the PEP 476 discussions in
>search of a different conclusion, so this would need to be a different
>PEP, preferably one that targets Python 3.6 first and covers more than
>just HTTPS.

That seems like overkill.  PEP 493 is specifically about Python 2.7 and
providing ways for downstreams to facilitate more choice for end-users and
end-administrators.  Although I think it could safely sneak in after rc1, that
would be for the RM to decide.  Even if it were deferred to 2.7.12, it would
still provide a better, more consistent experience if implemented upstream.

Cheers,
-Barry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/python-dev/attachments/20151126/f9c5486f/attachment.sig>


More information about the Python-Dev mailing list