PEP 466 approved bringing the core Python 2 network security infrastructure up to speed with the modern internet.
Alex Gaynor has provided a draft patch of the most complex part of that PEP, backporting the bulk of the Python 3.4 SSL module to Python 2.7: http://bugs.python.org/issue21308#msg223895
This is also the part of the PEP most likely to break things, so figuring out a way to test it in Fedora before it makes it into an upstream CPython release would be a good idea...
Cheers, Nick.
We could create a copr repo where we would rebuild python (in an SCL?) with these patches and then we'd rebuild some modules that use ssl - to see if the tests pass and if they're actually usable. The disadvantage of this approach is that it just takes lots of time to implement... Or, if we're feeling lucky, we can just build Python with these patches in rawhide and see if something breaks :) That's easy and fast (assuming everything works fine).
I'd really love to help here, but I really can't spare enough time to do it "properly" in Copr as noted above. So the question is, are we feeling lucky? :) I'd say yes, since rawhide has just recently become future Fedora 22 and not much is going on in there right now. If we break something, we can just revert it quickly and everything will be fine.
Is someone strictly against this or shall I move on with patching our rawhide Python?
Slavek
On 07/30/2014 12:16 AM, Bohuslav Kabrda wrote:
Patching rawhide would be wonderful. The patch is at last passing Python's own test suite, so it shouldn't have broken anything too dramatically.
Cheers, Nick.
----- Original Message -----
From: "Nick Coghlan" ncoghlan@redhat.com
To: python-devel@lists.fedoraproject.org
Sent: Thursday, August 7, 2014 10:00:51 AM
Subject: Re: Python 2.7 SSL upgrade patch available for testing
-- Nick Coghlan Red Hat Hosted & Shared Services Software Engineering & Development, Brisbane
HSS Provisioning Architect _______________________________________________ python-devel mailing list python-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/python-devel
Hi everyone,
I am willing to work on this starting next week (atm I am at flock), I will test it along with some ssl dependent packages.
Regards,
Robert Kuska
-----------------------------------------------------
rkuska @ #fedora-devel on freenode #brno #gulag #software-collections on brq.redhat
On 08/07/2014 06:10 PM, Robert Kuska wrote:
Did anyone get a chance to try this out?
Regards, Nick.
----- Original Message -----
From: "Nick Coghlan" ncoghlan@redhat.com
To: python-devel@lists.fedoraproject.org
Sent: Monday, August 18, 2014 7:57:21 AM
Subject: Re: Python 2.7 SSL upgrade patch available for testing
Hi Nick,
sorry for the delay.
I did apply the patch, I have encountered a seg fault in unicodeobject.c. Right now I am checking for diffs in the upstream 2.7 branch between our unicodeobject.c and theirs.
After that I will update the upstream bug report.
Regards,
Robert Kuska
-----------------------------------------------------
rkuska @ #fedora-devel on freenode #brno #gulag #software-collections on brq.redhat
On 08/18/2014 04:23 PM, Robert Kuska wrote:
Thanks! The Windows and Mac OS X side of things are still going to qualify as "interesting" regardless, but we should be able to address a lot of the stability concerns on the Linux side... once we work out what it breaks :)
Cheers, Nick.