On 29 April 2014 17:02, Stefan Krah <stefan-use...@bytereef.org> wrote: > Mike Miller <python-...@mgmiller.net> wrote: >> I have to say I'm a bit baffled. I expected disagreement, but >> didn't expect that multiple reasons against would be made up >> seemingly at random? I and a company I work for (that distributes >> Py) have been installing Python to ProgramFiles for almost a decade, >> and can assure that none of those things you mention have yet >> happened. > > Relax, I don't think Steve is making things up. That said, I can confirm > what you wrote: I've always installed Python to "Program Files" and I've > never had any issues (then again, I'm mostly using Linux).
It's important to note that the feature backport exceptions in the network security enhancements PEP were granted specifically because they had security implications *beyond* the specific systems and applications still running Python 2.7. Unfortunately, I lost some of that rationale when I trimmed it down to the more specific proposal: ============================== The key requirement for a feature to be considered for inclusion in this policy is that it must have security implications *beyond* the specific application that is written in Python and the system that application is running on. Thus the focus on network security protocols, password storage and related cryptographic infrastructure - Python is a popular choice for the development of web services and clients, and thus the capabilities of widely used Python versions have implications for the security design of other services that may themselves be using newer versions of Python or other development languages, but need to interoperate with clients or servers written using older versions of Python. The intent behind this requirement is to minimise any impact that the introduction of this policy may have on the stability and compatibility of maintenance releases. It would be thoroughly counterproductive if end users became as cautious about updating to new Python 2.7 maintenance releases as they are about updating to new feature releases within the same release series. ============================== I'll find a place to add that back in (not tonight, though), since it's an important part of the reason Mike's suggested installer changes are *not* remotely in scope for 2.7.7. However, that's currently not obvious to folks that have only read the final version of the PEP, and didn't see the earlier more open ended versions that included that text. Cheers, Nick. -- Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
