Ned Deily added the comment:

"My understanding is that when we build an osx release, we bundle openssl."

Well, no, we don't exactly do that today.  We have recently been doing that for 
the 10.5 installer because the 10.5 system version of OpenSSL is so old as to 
be unusable for PyPI downloads (and pretty much everything else).  But the much 
more commonly used 10.6+ installer dynamically links with the latest (but 
deprecated) system OpenSSL libs shipped with OS X, libs that are old but usable 
and still receiving Apple security fixes on current systems.  The main reason 
for doing that is that this solution uses the Apple-provided system and user 
keychains for certificate management.  There are other drawbacks, though, and 
we have an open issue to deal with that.  (The python.org Pythons are not 
affected by the lack of headers since the libs are still shipped in OS X 
10.11.)  What I think this issue should address is making it easier to build 
Python on 10.11 (and earlier systems) with newer versions of OpenSSL.  It 
should be easier to use OpenSSL libs supplied by popular third-party
distributors like Homebrew and MacPorts.  Without having thought through all the 
details, I'm thinking it might be best to provide a configure-time check and 
option, possibly with standard options for the system, Homebrew (default 
path), MacPorts (default path), and user-built SSL headers/libs.  It would also 
be good to provide something which will build the handful of important missing 
and/or newer third-party libs needed on OS X by the interpreter and standard 
library, like SSL libs, liblzma, and Tk.  But that's a separate issue.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue25572>
_______________________________________