On Thu, Oct 19, 2017 at 8:19 AM Emmanuel Charpentier < emanuel.charpent...@gmail.com> wrote:
> Dear Erik > > Le jeudi 19 octobre 2017 09:19:00 UTC+2, Erik Bray a écrit : > >> On Wed, Oct 18, 2017 at 8:36 PM, Jeroen Demeyer <jdem...@cage.ugent.be> >> wrote: >> > On 2017-10-18 19:02, Emmanuel Charpentier wrote: >> >> >> >> This option commits us to maintain (unnecessary and dangerous, IMHO) >> >> Sage-specifc SSL patches at least in R, Python and pip >> > >> > >> > Really? Which Sage-specific SSL patches does this require in Python and >> pip? >> > >> > It seems to me that R is the only package causing us so much trouble >> with >> > SSL. >> >> There *was* an issue in pip (not Python itself though that I can >> recall--Python works fine without SSL support obviously). However, >> the pip issue has since been fixed upstream (pip can work without SSL >> for installing packages from sources other than PyPI, there was just a >> bug with imports failing if the ssl module was not importable). >> >> If R still requires such a patch I think we should get really pushy >> with upstream about getting them to accept it. > > > No : this policy decision is recent, and the "R Core Team" seems pretty > adamant to switch to https repositories for all of CRAN. I seriously doubt > that they would reverse this decision on the behalf of a bunch of > mathematicians for whom R usage may be deemed as "peripheral"... > Good, as well they should. Like you, they likely feel a responsibility to their users to do the right thing regarding security. I really appreciate the "so much trouble" you are "causing" Emmanuel. -- William -- -- William Stein -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.