Feasibility of Python 2.7 security update in 14.04
Clint Byrum
clint at ubuntu.com
Fri Oct 21 23:12:16 UTC 2016
Excerpts from Ernst Sjöstrand's message of 2016-10-21 11:08:07 +0200:
> Hi,
>
> I'm all in favor of updating things like this, however these two have the
> potential to break some custom scripts out there I think:
>
> - HTTPS certificate validation using the system's certificate store is
> now enabled by default. See PEP 476
> <https://www.python.org/dev/peps/pep-0476/> for details.
> - SSLv3 has been disabled by default in httplib and its reverse
> dependencies due to the POODLE attack
> <https://www.imperialviolet.org/2014/10/14/poodle.html>.
>
That's a good point. However, things "broken" by this were already
_extremely_ broken.
More information about the Ubuntu-devel-discuss
mailing list