On 23 May 2017 at 20:43, "David Wilson" <dw+python-...@hmmz.org> wrote:
> In which case, what is to prevent Requests from just depending on
> pyOpenSSL as usual?


From what I heard, pyOpenSSL development is slowing down, so I'm not sure
that it's really safe and future-proof (TLS 1.3 anyone?).

> I'm still writing 2.7 code every day and would love to see it live a
> little longer, but accepting every feature request seems the wrong way
> to go - and MemoryBIO is a hard sell as a security enhancement, it's new
> functionality.


You are right that they are new features. I disagree on the "accepting every
feature" part: we are talking about two classes and it's restricted to
security. Security matters to me and for practical reasons explained in
this thread, we need the two classes.

Cory's PEP adds long-awaited features (bugfixes?) to TLS, like getting
access to root certificates on macOS and Windows. Not having to provide our
own set of root certificates would make applications globally more secure.
It's tricky to update certificates. It happens that root CAs are revoked
after a break-in or because the CA is no longer trusted.

I also understood that getting access to the system CAs allows admins to
register their company CA and so avoid having users ignore the TLS warning
(unknown CA).

Victor