Hi, 2014-03-22 22:11 GMT+01:00 Nick Coghlan <ncoghlan at gmail.com>: > In particular, the exception will apply to: > > * the ``ssl`` module > * the ``hashlib`` module > * the ``hmac`` module > * the ``sha`` module (Python 2 only) > * the components of other networking modules that make use of these modules > * the components of the ``random`` and ``os`` modules that are relevant to > cryptographic applications > * the version of OpenSSL bundled with the binary installers The current Python development cycle is too slow to track latest security recommandations. Python 2.7 is now very far from Python 3.4, so backportng so many features is very complex and error-prone. IMO A third-party module backporting all these security enhancements would be easy to develop. There are already M2Crypto, cryptography and PyOpenSSL modules for example. You may reuse them. The drawback is that applications would be benefit immediatly from this work, they should be modified to use the new module. But usually, developers who care of security are able to do these modifications. The PEP is very generic. Can you try to list all missing security features of old Python versions? Victor
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4