[Python-Dev] Backport ssl.MemoryBIO on Python 2.7?

Nick Coghlan ncoghlan at gmail.com
Tue May 23 22:46:11 EDT 2017


On 24 May 2017 at 10:46, Victor Stinner <victor.stinner at gmail.com> wrote:
> Hi,
>
> Would you be ok to backport ssl.MemoryBIO and ssl.SSLObject on Python
> 2.7? I can do the backport.
>
>   https://docs.python.org/dev/library/ssl.html#ssl.MemoryBIO

+1 from me - the last SSL module resync to 2.7 was from 3.4, and
bringing them back closer to feature parity again is genuinely
beneficial in ensuring the Python ecosystem is able to keep up with
evolving network security standards.

Guido requested back when PEP 466 was written that any further
security backports come with their own PEP in order to clearly
communicate what's being backported, and the "What's New in Python 2.7
Maintenance Releases?" section is organised accordingly.

However, the "Why?" section in such a PEP can be a lot shorter than it
was for the original precedent-setting one, since it only needs to
describe the benefits of the specific security features being
backported, rather than having to make the case for the idea of
backporting security features in general.

Cheers,
Nick.

P.S. Somewhat related, folks may be interested to know that the
upcoming RHEL 7.4 release finally completes the process of backporting
PEPs 466 & 476 to the RHEL system Python by switching the default
behaviour for new installs to be to verify SSL/TLS certificates
against the system trust store:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/7.4_Release_Notes/new_features_compiler_and_tools.html

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

