[Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7

Cory Benfield cory at lukasa.co.uk
Thu Jun 1 07:18:48 EDT 2017

> On 1 Jun 2017, at 12:09, David Wilson <dw+python-dev at hmmz.org> wrote:
> On Thu, Jun 01, 2017 at 11:47:31AM +0100, Cory Benfield wrote:
>> I have, but discarded the idea.
> I'm glad to hear it was given sufficent thought. :)
> I have one final 'crazy' idea, and actually it does not seem to bad at
> all: can't you just fork a subprocess or spawn threads to handle the
> blocking SSL APIs?
> Sure it wouldn't be beautiful, but it is more appealing than forcing an
> upgrade on all 2.7 users just so they can continue to use pip. (Which,
> ironically, seems to resonate strongly with the motivation behind all of
> this work -- allowing users to continue with their old environments
> without forcing an upgrade to 3.x!)

So, this will work, but at a performance and code cleanliness cost. This essentially becomes a Python-2-only code-path, and a very large and complex one at that. This has the combined unfortunate effects of meaning a) a proportionally small fraction of our users get access to the code path we want to take forward into the future, and b) the majority of our users get an inferior experience of having a library either spawn threads or processes under their feet, which in Python has a tendency to get nasty fast (I for one have experienced the joy of having to ctrl+c multiple times to get a program using paramiko to actually die).

Again, it’s worth noting that this change will not just affect pip but also the millions of Python 2 applications using Requests. I am ok with giving those users access to only part of the functionality that the Python 3 users get, but I’m not ok with that smaller part also being objectively worse than what we do today.


More information about the Python-Dev mailing list