Well, things evolved recently. asyncio is getting more popular, TLS became even more important, and pyOpenSSL is not more evolving (from what I heard from his maintainer, Hynek). Does Twister still use pyOpenSSL?
I like the idea of putting more security stuff into Python to ease maintainance of applications and try to make it as security as possible. Python has more resources (ex: CI) than some smaller projects. Victor 2017-05-23 19:49 GMT-05:00 Alex Gaynor <alex.gay...@gmail.com>: > I'm +1 on this, I even wrote the patch: https://bugs.python.org/issue22559 > :-) If you're interested in making sure that still applies and tests still > pass, I'd be a big fan. > > In addition to all the benefits you mentioned, it also substantially reduces > the diff between 2.7 and 3.x (or at least it did when I originally wrote > it). > > Cheers, > Alex > > On Tue, May 23, 2017 at 8:46 PM, Victor Stinner <victor.stin...@gmail.com> > wrote: >> >> Hi, >> >> Would you be ok to backport ssl.MemoryBIO and ssl.SSLObject on Python >> 2.7? I can do the backport. >> >> https://docs.python.org/dev/library/ssl.html#ssl.MemoryBIO >> >> Cory Benfield told me that it's a blocking issue for him to implement >> his PEP 543 -- A Unified TLS API for Python 2.7: >> >> https://www.python.org/dev/peps/pep-0543/ >> >> And I expect that if a new cool TLS API happens, people will want to >> use it on Python 2.7-3.6, not only on Python 3.7. Security evolves >> more quickly that the current Python release process, and people wants >> to keep their application secure. >> >> From what I understood, he wants to first implement an abstract >> MemoryBIO API (http://sans-io.readthedocs.io/ like API? I'm not sure >> about that), and then implement a socket/FD based on top of that. >> Maybe later, some implementations might have a fast-path using >> socket/FD directly. >> >> He described me his PEP and I strongly support it (sorry, I missed it >> when he posted it on python-dev), but we decided (Guido van Rossum, >> Christian Heimes, Cory Benfield and me, see the tweet below) to not >> put this in the stdlib right now, but spend more time on testing it on >> Twisted, asyncio, requests, etc. So publishing an implementation on >> PyPI was proposed instead. It seems like we agreed on a smooth plan >> (or am I wrong, Cory?). >> >> https://twitter.com/VictorStinner/status/865467388141027329 >> >> I'm quite sure that Twisted will love MemoryBIO on Python 2.7 as well, >> to implement TLS, especially on Windows using IOCP. Currently, >> external libraries (C extensions) are required. >> >> I'm not sure if the PEP 466 should be amended for that? Is a new PEP >> really needed? MemoryBIO/SSLObject are tiny. Nick (Coghlan): what do >> you think? >> >> https://www.python.org/dev/peps/pep-0466/ >> >> Victor > > > > > -- > "I disapprove of what you say, but I will defend to the death your right to > say it." -- Evelyn Beatrice Hall (summarizing Voltaire) > "The people's good is the highest law." -- Cicero > GPG Key fingerprint: D1B3 ADC0 E023 8CA6 > _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
