Message 240808 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	ned.deily
Recipients	alex, dstufft, jeremy.kloth, larry, lemburg, ned.deily, pitrou, python-dev, steve.dower, zach.ware
Date	2015-04-13.23:36:47
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1428968207.63.0.941464197975.issue23686@psf.upfronthosting.co.za>
In-reply-to

Content
I don't have a really strong feeling one way or the other. It's not a big issue for the OS X installers as this only affects the much-less-used 32-bit-only installer for old systems. So this is really primarily an issue affecting the Windows installers. I guess one could argue that 1.0.2 is the current path forward for OpenSSL particularly over the support lifetime of 3.5.0 and there will be ample opportunity to update as necessary whatever version of the OpenSSL is included, both prior to the 3.5.0 release date and afterwards but there is something to be said for being a bit conservative wrt new OpenSSL release branches. I think it would be good to solicit the opinion of the other core developers interested in security and the Windows installers and let Larry make the call, if necessary. Alex, Donald, Antoine, Steve: any comments on shipping 1.0.1x vs 1.0.2x? > https://github.com/openssl/openssl/pull/218 > (certificate expiry checks not working) That issue appears to have been fixed in 1.0.2a, no?

I don't have a really strong feeling one way or the other.  It's not a big issue for the OS X installers as this only affects the much-less-used 32-bit-only installer for old systems.  So this is really primarily an issue affecting the Windows installers.  I guess one could argue that 1.0.2 is the current path forward for OpenSSL particularly over the support lifetime of 3.5.0 and there will be ample opportunity to update as necessary whatever version of the OpenSSL is included, both prior to the 3.5.0 release date and afterwards but there is something to be said for being a bit conservative wrt new OpenSSL release branches.  I think it would be good to solicit the opinion of the other core developers interested in security and the Windows installers and let Larry make the call, if necessary.

Alex, Donald, Antoine, Steve: any comments on shipping 1.0.1x vs 1.0.2x? 


> https://github.com/openssl/openssl/pull/218
> (certificate expiry checks not working)

That issue appears to have been fixed in 1.0.2a, no?

History
Date	User	Action	Args
2015-04-13 23:36:47	ned.deily	set	recipients: + ned.deily, lemburg, pitrou, larry, alex, jeremy.kloth, python-dev, zach.ware, steve.dower, dstufft
2015-04-13 23:36:47	ned.deily	set	messageid: <1428968207.63.0.941464197975.issue23686@psf.upfronthosting.co.za>
2015-04-13 23:36:47	ned.deily	link	issue23686 messages
2015-04-13 23:36:47	ned.deily	create