Message274982
Thanks for your response Larry. I think it cleared up my understanding a bit, and I'm (extremely!) sympathetic to your desire to not get any closer to this problem than you have to.
I think it may be worth, in future, defining what effort will be made to achieve compatibility with libraries that Python relies on. I can see several questions here that, AFAIK, have no concrete answer:
- Can a Python minor version increase (e.g. 3.6 -> 3.7) add support for a new ABI in a library dependency? (This one has an answer, which is certainly yes, but we could still stand to write it down because you'd be amazed how often it helps to write down the basic starting point of the argument.)
- Can a Python patch version increase *before* security release mode (e.g. 3.6.1 -> 3.6.2) add support for a new ABI in a library dependency?
- What about a new API that maintains ABI compatibility?
- Can a Python security version increase (e.g. 3.4.5 -> 3.4.6) add support for a new ABI in a library dependency?
- What about a new API that maintains ABI compatibility?
- How do the answers to the above questions vary if the change is security-focused (e.g. AES is broken tomorrow so ChaCha20 is the only safe cipher left in OpenSSL)?
I'm not qualified or authoritative enough to answer those questions, but having an answer to them would help modulate expectations from people like myself. |
|
Date |
User |
Action |
Args |
2016-09-08 07:28:58 | Lukasa | set | recipients:
+ Lukasa, georg.brandl, janssen, larry, giampaolo.rodola, christian.heimes, alex, python-dev, hynek, Jim.Jewett, steve.dower, dstufft |
2016-09-08 07:28:58 | Lukasa | set | messageid: <1473319738.65.0.631343887441.issue27850@psf.upfronthosting.co.za> |
2016-09-08 07:28:58 | Lukasa | link | issue27850 messages |
2016-09-08 07:28:58 | Lukasa | create | |
|