Marc-Andre Lemburg added the comment: On 20.11.2015 12:10, Cory Benfield wrote: > Yeah, while generally speaking OpenSSL doesn't ship betas, it does provide > them as tarballs. I have a beta of 1.0.2 floating around somewhere on my > machine that I was using for ALPN testing back in 2014, and so I can speak > from personal experience and say that people do actually work with betas > sometimes. On this issue (defending ourselves from a CVE) my instinct is to > be conservative. However, we should allow later patch releases of OpenSSL > 1.0.0 to have this optimisation if they're safe.
Ah, right. For new major release versions such as 1.0.1 or 1.0.2 they do ship betas, but historically they have often introduced new features in their abcde... level releases without doing betas for those first - that's what I was thinking of :-) > Therefore, I've uploaded a new patch that does allow for 1.0.0m and later to > use this optimisation too. It makes the conditional a little more complex, > but c'est la vie. LGTM Thanks, -- Marc-Andre Lemburg eGenix.com ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue25672> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com