Feasibility of Python 2.7 security update in 14.04
Ernst Sjöstrand
ernstp at gmail.com
Fri Oct 21 09:08:07 UTC 2016
Hi,
I'm all in favor of updating things like this, however these two have the
potential to break some custom scripts out there I think:
- HTTPS certificate validation using the system's certificate store is
now enabled by default. See PEP 476
<https://www.python.org/dev/peps/pep-0476/> for details.
- SSLv3 has been disabled by default in httplib and its reverse
dependencies due to the POODLE attack
<https://www.imperialviolet.org/2014/10/14/poodle.html>.
Regards
//Ernst
2016-10-20 19:28 GMT+02:00 Aaron Gable <agable at chromium.org>:
> Thanks!
>
> On Wed, Oct 19, 2016 at 11:38 PM Marc Deslauriers <
> marc.deslauriers at canonical.com> wrote:
>
>> Hi,
>>
>> On 2016-10-20 03:32 AM, Aaron Gable wrote:
>> > Hi Ubuntu devs,
>> >
>> > I'd like to inquire about the feasibility of including a update to the
>> > python2.7[1] package in Ubuntu 14.04 LTS Trusty Tahr.
>> >
>> > In particular, the package is currently pinned at Python version
>> 2.7.6[2] (from
>> > November 2.13). However, version 2.7.9[3] (from December 2014) includes
>> > significant network security enhancements[4] that I believe may justify
>> an update.
>> >
>> > Is such an update simply out of the question for an LTS release? If
>> not, who are
>> > the relevant people for me to discuss this in more depth with?
>> >
>> > Thanks for your help,
>> > Aaron
>> >
>> > [1] http://packages.ubuntu.com/trusty/python2.7
>> > [2] https://www.python.org/download/releases/2.7.6/
>> > [3] https://www.python.org/downloads/release/python-279/
>> > [4] https://www.python.org/dev/peps/pep-0466/
>> >
>> >
>>
>> The plan was to update Ubuntu 14.04 to Python 2.7.10. I'm not sure what
>> the
>> current status is:
>>
>> https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1348955
>> https://bugs.launchpad.net/ubuntu/+bug/1525507
>
>
> Is there anything I can do to help these bugs get triaged/prioritized and
> assigned?
>
> +doko at canonical.com
> Matthias, can you provide additional context on the background and current
> progress on those bugs?
>
> Thanks,
> Aaron
>
>
>>
>>
>> Marc.
>>
>>
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/ubuntu-devel-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20161021/f587a684/attachment.html>
More information about the Ubuntu-devel-discuss
mailing list