Author christian.heimes
Recipients Jim.Jewett, Lukasa, alex, christian.heimes, dstufft, georg.brandl, giampaolo.rodola, hynek, janssen, larry, python-dev, steve.dower
Date 2016-09-08.09:16:47
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <cde5566f-1e0c-a16d-2fa3-bcd164738f3f@cheimes.de>
In-reply-to <1473319738.65.0.631343887441.issue27850@psf.upfronthosting.co.za>
Content
On 2016-09-08 09:28, Cory Benfield wrote:
> 
> Cory Benfield added the comment:
> 
> Thanks for your response Larry. I think it cleared up my understanding a bit, and I'm (extremely!) sympathetic to your desire to not get any closer to this problem than you have to.
> 
> I think it may be worth, in future, defining what effort will be made to achieve compatibility with libraries that Python relies on. I can see several questions here that, AFAIK, have no concrete answer:
> 
> - Can a Python minor version increase (e.g. 3.6 -> 3.7) add support for a new ABI in a library dependency? (This one has an answer, which is certainly yes, but we could still stand to write it down because you'd be amazed how often it helps to write down the basic starting point of the argument.)
> - Can a Python patch version increase *before* security release mode (e.g. 3.6.1 -> 3.6.2) add support for a new ABI in a library dependency?
>     - What about a new API that maintains ABI compatibility?
> - Can a Python security version increase (e.g. 3.4.5 -> 3.4.6) add support for a new ABI in a library dependency?
>     - What about a new API that maintains ABI compatibility?
> - How do the answers to the above questions vary if the change is security-focused (e.g. AES is broken tomorrow so ChaCha20 is the only safe cipher left in OpenSSL)?
> 
> I'm not qualified or authoritative enough to answer those questions, but having an answer to them would help modulate expectations from people like myself.

I'm going to discuss these points in my OpenSSL PEP. Thanks for the
summary :)
History
Date User Action Args
2016-09-08 09:16:47christian.heimessetrecipients: + christian.heimes, georg.brandl, janssen, larry, giampaolo.rodola, alex, python-dev, hynek, Jim.Jewett, steve.dower, dstufft, Lukasa
2016-09-08 09:16:47christian.heimeslinkissue27850 messages
2016-09-08 09:16:47christian.heimescreate