Christian Heimes added the comment: On 2016-09-08 09:28, Cory Benfield wrote: > > Cory Benfield added the comment: > > Thanks for your response Larry. I think it cleared up my understanding a bit, > and I'm (extremely!) sympathetic to your desire to not get any closer to this > problem than you have to. > > I think it may be worth, in future, defining what effort will be made to > achieve compatibility with libraries that Python relies on. I can see several > questions here that, AFAIK, have no concrete answer: > > - Can a Python minor version increase (e.g. 3.6 -> 3.7) add support for a new > ABI in a library dependency? (This one has an answer, which is certainly yes, > but we could still stand to write it down because you'd be amazed how often > it helps to write down the basic starting point of the argument.) > - Can a Python patch version increase *before* security release mode (e.g. > 3.6.1 -> 3.6.2) add support for a new ABI in a library dependency? > - What about a new API that maintains ABI compatibility? > - Can a Python security version increase (e.g. 3.4.5 -> 3.4.6) add support > for a new ABI in a library dependency? > - What about a new API that maintains ABI compatibility? > - How do the answers to the above questions vary if the change is > security-focused (e.g. AES is broken tomorrow so ChaCha20 is the only safe > cipher left in OpenSSL)? > > I'm not qualified or authoritative enough to answer those questions, but > having an answer to them would help modulate expectations from people like > myself.
I'm going to discuss these points in my OpenSSL PEP. Thanks for the summary :) ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27850> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com