[Python-Dev] Python 3.7: Require OpenSSL >=1.0.2 / LibreSSL >= 2.5.3
Paul G
paul at ganssle.io
Sat Jan 13 21:48:49 EST 2018
One thing to note is that if getting Travis working with Python 3.7 is a pain, a huge number of libraries on PyPI probably just won't test against Python 3.7, which is not a great situation to be in.
It's probably worth contacting Travis to give them a head's up and see how likely it is that they'll be able to support Python 3.7 if it requires a newer version of these libraries.
On January 14, 2018 2:16:53 AM UTC, Brett Cannon <brett at python.org> wrote:
>On Sat, Jan 13, 2018, 14:45 Christian Heimes, <christian at python.org>
>wrote:
>
>> On 2018-01-13 21:02, Brett Cannon wrote:
>> > +1 from me as well for the improved security.
>>
>> Thanks, Brett!
>>
>> How should we handle CPython's Travis CI tests? The 14.04 boxes have
>> OpenSSL 1.0.1. To the best of my knowledge, Travis doesn't offer
>16.04.
>> We could either move to container-based testing with a 16.04
>container,
>> which would give us 1.0.2 Or we could compile our own copy of OpenSSL
>> with my multissl builder and use some rpath magic.
>>
>> In order to test all new features, Ubuntu doesn't cut it. Even
>current
>> snapshot of Ubuntu doesn't contain OpenSSL 1.1. Debian Stretch or
>Fedora
>> would do the trick, though.
>>
>> Maybe Barry's work on official test container could leveraged
>testing?
>>
>
>My guess is we either move to containers on Travis, see if we can
>manually
>install -- through apt or something -- a newer version of OpenSSL, or
>we
>look at alternative CI options.
>
>-Brett
>
>
>> Regards,
>> Christian
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20180114/0a001707/attachment.html>
More information about the Python-Dev
mailing list