Re: [Python-Dev] Windows installers and OpenSSL

2014-04-13 Thread Martin v. Löwis
Am 10.04.14 15:41, schrieb Paul Moore: Given the OpenSSL vulnerability and the fact that we bundle OpenSSL with the Windows installers (1.0.1e in Python 3.4.0) should we be releasing updated installers? As others have said: certainly, and only for 3.4.0 (i.e. 2.7 in particular is not affected

Re: [Python-Dev] Windows installers and OpenSSL

2014-04-13 Thread Steve Dower
. Löwismailto:mar...@v.loewis.de Sent: ‎4/‎13/‎2014 14:51 To: Paul Mooremailto:p.f.mo...@gmail.com; Python Devmailto:python-dev@python.org Subject: Re: [Python-Dev] Windows installers and OpenSSL Am 10.04.14 15:41, schrieb Paul Moore: Given the OpenSSL vulnerability and the fact that we bundle OpenSSL

Re: [Python-Dev] Windows installers and OpenSSL

2014-04-13 Thread Martin v. Löwis
Am 13.04.14 21:41, schrieb Steve Dower: I'm willing to embark on migrating the entire installer to WiX, which doesn't directly fix any particular issue, but could significantly reduce the overhead of building and maintaining the Windows installers. I somewhat doubt that it could reduce the

[Python-Dev] Windows installers and OpenSSL

2014-04-10 Thread Paul Moore
Given the OpenSSL vulnerability and the fact that we bundle OpenSSL with the Windows installers (1.0.1e in Python 3.4.0) should we be releasing updated installers? Paul ___ Python-Dev mailing list Python-Dev@python.org

Re: [Python-Dev] Windows installers and OpenSSL

2014-04-10 Thread MRAB
On 2014-04-10 14:41, Paul Moore wrote: Given the OpenSSL vulnerability and the fact that we bundle OpenSSL with the Windows installers (1.0.1e in Python 3.4.0) should we be releasing updated installers? I'd say yes, but, then, I wouldn't be doing any of the work...

Re: [Python-Dev] Windows installers and OpenSSL

2014-04-10 Thread Gregory P. Smith
Yep. All binary Python distributions that bundle SSL support need updating. But... what MRAB said. We also *likely* have SSL certificates and SSH host keys on python.orginfrastructure that need to be revoked and new certs reissued *after* all of those machines have been patched and their services

Re: [Python-Dev] Windows installers and OpenSSL

2014-04-10 Thread Benjamin Peterson
On Thu, Apr 10, 2014, at 14:50, Gregory P. Smith wrote: Yep. All binary Python distributions that bundle SSL support need updating. But... what MRAB said. We also *likely* have SSL certificates and SSH host keys on python.orginfrastructure that need to be revoked and new certs reissued

Re: [Python-Dev] Windows installers and OpenSSL

2014-04-10 Thread Nick Coghlan
On 10 Apr 2014 18:55, Benjamin Peterson benja...@python.org wrote: On Thu, Apr 10, 2014, at 14:50, Gregory P. Smith wrote: Yep. All binary Python distributions that bundle SSL support need updating. But... what MRAB said. We also *likely* have SSL certificates and SSH host keys on

Re: [Python-Dev] Windows installers and OpenSSL

2014-04-10 Thread M.-A. Lemburg
On 11.04.2014 03:15, Nick Coghlan wrote: On 10 Apr 2014 18:55, Benjamin Peterson benja...@python.org wrote: On Thu, Apr 10, 2014, at 14:50, Gregory P. Smith wrote: Yep. All binary Python distributions that bundle SSL support need updating. But... what MRAB said. We also *likely* have SSL