[Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)
Nick Coghlan
ncoghlan at gmail.com
Fri Nov 27 06:38:11 EST 2015
On 27 November 2015 at 18:47, Cory Benfield <cory at lukasa.co.uk> wrote:
> Perhaps I missed this, Nick, but what happens if multiple third party libraries apply updates to call this function in incompatible ways? For example, if you depend on libfoo which calls ssl._verify_https_certificates(False) and libbar which calls ssl._verify_https_certificates(True)? Is it…last import wins?
Last import wins, but libaries shouldn't be mutating process global
state as a side effect of import - like the sys module, the ssl module
configuration should only be modified (directly or indirectly) from
__main__.
Cheers,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
More information about the Python-Dev
mailing list