<div dir="ltr">Yes, both points are true, which is why I initially asked if this could be upgraded as a [security] fix. This is certainly a security upgrade -- preventing POODLE and actually enforcing SSL validation (which lots of folks *think* the're getting, but aren't) are huge wins on the security front. And security upgrades are generally not required to be as strictly backwards compatible. This change would preserve API compatibility, and modify behavior for the better, so I would like to help it move forward. What can I do to help resolve the testing difficulties mentioned in <a href="https://bugs.launchpad.net/ubuntu/+bug/1525507">https://bugs.launchpad.net/ubuntu/+bug/1525507</a> ?<div><br></div><div>Aaron</div></div><br><div class="gmail_quote"><div dir="ltr">On Fri, Oct 21, 2016 at 2:08 AM Ernst Sjöstrand <<a href="mailto:ernstp@gmail.com">ernstp@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="gmail_msg"><div class="gmail_msg"><div class="gmail_msg">Hi,<br class="gmail_msg"><br class="gmail_msg"></div>I'm all in favor of updating things like this, however these two have the potential to break some custom scripts out there I think:<br class="gmail_msg"><ul class="m_4585441280614897508gmail-simple gmail_msg"><li class="gmail_msg">HTTPS certificate validation using the system's certificate store is now
enabled by default. See <a class="m_4585441280614897508gmail-reference m_4585441280614897508external gmail_msg" href="https://www.python.org/dev/peps/pep-0476/" target="_blank">PEP 476</a> for details.</li><li class="gmail_msg">SSLv3 has been disabled by default in httplib and its reverse dependencies due to the <a class="m_4585441280614897508gmail-reference m_4585441280614897508external gmail_msg" href="https://www.imperialviolet.org/2014/10/14/poodle.html" target="_blank">POODLE attack</a>.</li></ul>Regards<br class="gmail_msg"></div>//Ernst<br class="gmail_msg"></div><div class="gmail_extra gmail_msg"><br class="gmail_msg"><div class="gmail_quote gmail_msg"></div></div><div class="gmail_extra gmail_msg"><div class="gmail_quote gmail_msg">2016-10-20 19:28 GMT+02:00 Aaron Gable <span dir="ltr" class="gmail_msg"><<a href="mailto:agable@chromium.org" class="gmail_msg" target="_blank">agable@chromium.org</a>></span>:<br class="gmail_msg"></div></div><div class="gmail_extra gmail_msg"><div class="gmail_quote gmail_msg"><blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="gmail_msg">Thanks!<br class="gmail_msg"><br class="gmail_msg"><div class="gmail_quote gmail_msg"><span class="gmail_msg"><div dir="ltr" class="gmail_msg">On Wed, Oct 19, 2016 at 11:38 PM Marc Deslauriers <<a href="mailto:marc.deslauriers@canonical.com" class="gmail_msg" target="_blank">marc.deslauriers@canonical.com</a>> wrote:<br class="gmail_msg"></div><blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
On 2016-10-20 03:32 AM, Aaron Gable wrote:<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
> Hi Ubuntu devs,<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
><br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
> I'd like to inquire about the feasibility of including a update to the<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
> python2.7[1] package in Ubuntu 14.04 LTS Trusty Tahr.<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
><br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
> In particular, the package is currently pinned at Python version 2.7.6[2] (from<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
> November 2.13). However, version 2.7.9[3] (from December 2014) includes<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
> significant network security enhancements[4] that I believe may justify an update.<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
><br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
> Is such an update simply out of the question for an LTS release? If not, who are<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
> the relevant people for me to discuss this in more depth with?<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
><br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
> Thanks for your help,<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
> Aaron<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
><br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
> [1] <a href="http://packages.ubuntu.com/trusty/python2.7" rel="noreferrer" class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg" target="_blank">http://packages.ubuntu.com/trusty/python2.7</a><br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
> [2] <a href="https://www.python.org/download/releases/2.7.6/" rel="noreferrer" class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg" target="_blank">https://www.python.org/download/releases/2.7.6/</a><br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
> [3] <a href="https://www.python.org/downloads/release/python-279/" rel="noreferrer" class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg" target="_blank">https://www.python.org/downloads/release/python-279/</a><br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
> [4] <a href="https://www.python.org/dev/peps/pep-0466/" rel="noreferrer" class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg" target="_blank">https://www.python.org/dev/peps/pep-0466/</a><br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
><br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
><br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
The plan was to update Ubuntu 14.04 to Python 2.7.10. I'm not sure what the<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
current status is:<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
<a href="https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1348955" rel="noreferrer" class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg" target="_blank">https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1348955</a><br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
<a href="https://bugs.launchpad.net/ubuntu/+bug/1525507" rel="noreferrer" class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg" target="_blank">https://bugs.launchpad.net/ubuntu/+bug/1525507</a></blockquote><div class="gmail_msg"><br class="gmail_msg"></div></span><div class="gmail_msg">Is there anything I can do to help these bugs get triaged/prioritized and assigned?</div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">+<a href="mailto:doko@canonical.com" class="gmail_msg" target="_blank">doko@canonical.com</a></div><div class="gmail_msg">Matthias, can you provide additional context on the background and current progress on those bugs?<br class="gmail_msg"></div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">Thanks,</div><div class="gmail_msg">Aaron</div><div class="gmail_msg"> </div><blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
Marc.<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
<br class="m_4585441280614897508m_-4291848192021614839gmail_msg gmail_msg">
</blockquote></div></div>
<br class="gmail_msg"></blockquote></div></div><div class="gmail_extra gmail_msg"><div class="gmail_quote gmail_msg"><blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">--<br class="gmail_msg">
Ubuntu-devel-discuss mailing list<br class="gmail_msg">
<a href="mailto:Ubuntu-devel-discuss@lists.ubuntu.com" class="gmail_msg" target="_blank">Ubuntu-devel-discuss@lists.ubuntu.com</a><br class="gmail_msg">
Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss" rel="noreferrer" class="gmail_msg" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss</a><br class="gmail_msg">
<br class="gmail_msg"></blockquote></div></div></blockquote></div>