On 24 May 2017 at 10:46, Victor Stinner <victor.stin...@gmail.com> wrote:
> Hi,
>
> Would you be ok to backport ssl.MemoryBIO and ssl.SSLObject on Python
> 2.7? I can do the backport.
>
>   https://docs.python.org/dev/library/ssl.html#ssl.MemoryBIO

+1 from me - the last SSL module resync to 2.7 was from 3.4, and
bringing them back closer to feature parity again is genuinely
beneficial in ensuring the Python ecosystem is able to keep up with
evolving network security standards.

Guido requested back when PEP 466 was written that any further
security backports come with their own PEP in order to clearly
communicate what's being backported, and the "What's New in Python 2.7
Maintenance Releases?" section is organised accordingly.

However, the "Why?" section in such a PEP can be a lot shorter than it
was for the original precedent-setting one, since it only needs to
describe the benefits of the specific security features being
backported, rather than having to make the case for the idea of
backporting security features in general.

Cheers,
Nick.

P.S. Somewhat related, folks may be interested to know that the
upcoming RHEL 7.4 release finally completes the process of backporting
PEPs 466 & 476 to the RHEL system Python by switching the default
behaviour for new installs to be to verify SSL/TLS certificates
against the system trust store:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/7.4_Release_Notes/new_features_compiler_and_tools.html

-- 
Nick Coghlan   |   ncogh...@gmail.com   |   Brisbane, Australia
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev