On 11 May 2015 10:16 pm, "Robert Kuska" <rkuska at redhat.com> wrote: > > > > > > > Oh, another issue that I forgot to mention-- > > > > A fair number of people had no idea that Python wasn't validating TLS before > > 2.7.9/3.4.3 however as part of the processing of changing that in 2.7.9 a lot > > of people became aware that Python's before 2.7.9 didn't validate but that > > Python 2.7.9+ does. I worry that if Redhat (or anyone) ships a Python 2.7.9 > > that doesn't verify by default then they are going to be shipping something > > which defies the expectations of those users who were relying on the fact > > that > > Python 2.7.9+ was supposed to be secure by default now. You're > > (understandibly) > > focusing on "I already have my thing running on Python 2.7.8 and I want to > > yum update and get 2.7.9 and have things not visibly break", As Robert noted, it would be a matter of updating to a 2.7.5 with more patches backported, rather than rebasing to a newer upstream version. I can make the "do not change the default behaviour relative to the corresponding upstream version" guidance explicit in the PEP, though. Cheers, Nick. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20150512/5f102069/attachment-0001.html>
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4