[Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7
Barry Warsaw
barry at python.org
Wed May 31 17:08:34 EDT 2017
On May 31, 2017, at 02:09 PM, Jim Baker wrote:
>But I object to a completely new feature being added to 2.7 to support the
>implementation of event loop SSL usage. This feature cannot be construed as
>a security fix, and therefore does not qualify as a feature that can be
>added to CPython 2.7 at this point in its lifecycle.
The other problem with this is that there isn't just one CPython 2.7, there
are many. It's likely that most people get their Python from whatever
distribution/package manager they use. Looking at active Ubuntu/Debian
releases you can see Python 2.7's from 2.7.3 to 2.7.13. Few if any of those
will get the new feature backported, so that makes it difficult to rely on
them being present.
I agree with Jim that it makes sense to backport security fixes. Usually
those are more well contained, and thus easier to cherry pick into stable
releases. New features are much tougher to justify the potential for
regressions.
Cheers,
-Barry
More information about the Python-Dev
mailing list