Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

On 27 November 2015 at 17:42, Stephen J. Turnbull wrote: > Nick Coghlan writes: > > > This is a significant rewrite that switches the PEP to a Standards > > Track PEP proposing two new features for 2.7.12+: an > > "ssl._verify_https_certificates()" configuration function, and a > > "PYTHONHTTP

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

On 27 November 2015 at 10:52, Nick Coghlan wrote: > On 27 November 2015 at 03:15, Barry Warsaw wrote: >> On Nov 26, 2015, at 03:06 PM, Nick Coghlan wrote: >>>In this particular case, the migration problems were already raised in >>>the PEP 476 discussions, and the decision was made to *not* provi

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

On Nov 26, 2015 4:53 PM, "Nick Coghlan" wrote: > > On 27 November 2015 at 03:15, Barry Warsaw wrote: > > > Likewise in Ubuntu, we try to keep deviations from Debian at a minimum, and > > document them when we must deviate. Ubuntu is a community driven distro so > > while Canonical itself has cu

[Python-Dev] crash bug in weakref_richcompare?

Hi I have come across some dubious code in Objects/weakrefobject.c which looks like a bug to me, but wanted to run it past others. This was discovered from looking at crash dumps from a multithreaded python app (using Python 2.7.9, but the same weakref code exists in 3.5 and hg tip). The code

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

On 27 November 2015 at 03:15, Barry Warsaw wrote: > On Nov 26, 2015, at 03:06 PM, Nick Coghlan wrote: > >>I'm not a big fan of it either, but it's the way sustainable >>commercial open source distribution works in practice: > > While it's inevitable that redistributors have to deviate from upstrea

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

On Nov 26, 2015, at 03:06 PM, Nick Coghlan wrote: >I'm not a big fan of it either, but it's the way sustainable >commercial open source distribution works in practice: While it's inevitable that redistributors have to deviate from upstream, in Debian and Ubuntu, we really try to keep that at a mi

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

On Nov 26, 2015, at 02:13 PM, Nick Coghlan wrote: >PEP 476 rejected providing a public indefinitely maintained API for this, so >PEP 493 is specifically about helping commercial redistributors offer a >smoother transition plan to customers without affecting the public Python >level API, and withou