Re: Request for pronouncement on PEP 493 (HTTPS
verification backport guidance)
[Posted December 2, 2015 by jake]
| From: |
| Robert Collins <robertc-AT-robertcollins.net> |
| To: |
| Barry Warsaw <barry-AT-python.org> |
| Subject: |
| Re: Request for pronouncement on PEP 493 (HTTPS verification backport guidance) |
| Date: |
| Thu, 26 Nov 2015 09:17:02 +1300 |
| Message-ID: |
| <CAJ3HoZ0DKXRZ2DYQAm+m=xsYgbf+akC3JTfgFXhe9ZpP2dn2Bw@mail.gmail.com> |
| Cc: |
| Python Development List <python-dev-AT-python.org> |
| Archive‑link: | |
Article |
On 26 November 2015 at 08:57, Barry Warsaw <barry@python.org> wrote:
> There's a lot to process in this thread, but as I see it, the issue breaks
> down to these questions:
>
> * How should PEP 493 be implemented?
>
> * What should the default be?
>
> * How should PEP 493 be worded to express the right tone to redistributors?
>
> Let me take on the implementation details here.
>
> On Nov 24, 2015, at 04:04 PM, M.-A. Lemburg wrote:
>
>>I would still find having built-in support for the recommendations
>>in the Python stdlib a better approach
>
> As would I.
For what its worth: a PEP telling distributors to patch the standard
library is really distasteful to me.
We've spent a long time trying to build close relations such that when
something doesn't work distributors can share their needs with us and
we can make Python out of the box be a good fit. This seems to fly in
the exact opposite direction: we're explicitly making it so that
Python builds on these vendor's platforms will not be the same as you
get by checking out the Python source code.
Ugh.
-Rob
--
Robert Collins <rbtcollins@hp.com>
Distinguished Technologist
HP Converged Cloud
