Antoine Pitrou <pit...@free.fr> added the comment:

> Here is a letter that I just received, in my role as a developer of
> Tahoe-LAFS, from a concerned coder who doesn't know much about Python:
> 
> > An FYI on Python.
> > 
> > I'm not sure how businesses handle this (I've always worked in Windows
> > shops), but I imagine some might consider pulling Python until it is
> > properly secured. Pulling Python might affect Tahoe, which I would
> > like to see do well.

That sounds like an inventively outrageous kind of FUD. It's the first
time I've heard of someone writing to third-party library authors in order
to pressure them to pressure the maintainers of a programming language
implementation to make some "decisions".

By the way, if "businesses" are really concerned about the security
problems induced by this issue, they can sponsor the effort to get the
bug fixed. It shouldn't be a lot of work.

> This appears to be a concern for some people. Maybe the builtin ssl
> module should be deprecated if there isn't a lot of manpower to
> maintain it and instead the well-maintained pyOpenSSL package should
> become the recommended tool?

Correct me if I'm wrong, but the "well-maintained pyOpenSSL package"
doesn't have the missing functionality (hostname checking in server
certificates), either. M2Crypto has it, though.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue1589>
_______________________________________