Jim Jewett added the comment: On Sep 6, 2016 10:55 PM, Donald Stufft added the comment:
> In the hypothetical case we don't backport ChaCha20 support and 3DES and AES constructs in TLS are no longer secure... what do you do? Do you just plug your fingers in your ears and hope nobody attacks you? That works fine for an awful lot of uses. For the ones where it doesn't work, people can either upgrade to 3.5 or get support from a reseller like red hat or caconical or ActiveState or ... Providing the support for free isn't *wrong*, but "we don't add new things except to the current release" is a both clear and sensible ... overriding should be rare. Assuming an override should be accepted just because "security" reminds me of the boy who cried wolf. > > Future OpenSSLs don't affect Python 3.4, as Python 3.4 won't be upgraded to them. ... > Well except LibreSSL already supports this just fine, Is switching to a different SSL library without OS vendor support any more reasonable than switching to a newer python without that same support? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27850> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
