Cory Benfield added the comment:

Thanks for your response Larry. I think it cleared up my understanding a bit, 
and I'm (extremely!) sympathetic to your desire to not get any closer to this 
problem than you have to.

I think it may be worth, in future, defining what effort will be made to 
achieve compatibility with libraries that Python relies on. I can see several 
questions here that, AFAIK, have no concrete answer:

- Can a Python minor version increase (e.g. 3.6 -> 3.7) add support for a new 
ABI in a library dependency? (This one has an answer, which is certainly yes, 
but we could still stand to write it down because you'd be amazed how often it 
helps to write down the basic starting point of the argument.)
- Can a Python patch version increase *before* security release mode (e.g. 
3.6.1 -> 3.6.2) add support for a new ABI in a library dependency?
    - What about a new API that maintains ABI compatibility?
- Can a Python security version increase (e.g. 3.4.5 -> 3.4.6) add support for 
a new ABI in a library dependency?
    - What about a new API that maintains ABI compatibility?
- How do the answers to the above questions vary if the change is 
security-focused (e.g. AES is broken tomorrow so ChaCha20 is the only safe 
cipher left in OpenSSL)?

I'm not qualified or authoritative enough to answer those questions, but having 
an answer to them would help modulate expectations from people like myself.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue27850>
_______________________________________