On 05.04.2015 22:49, Donald Stufft wrote: > > Donald Stufft added the comment: > >> I don't consider monkey patching a proper way to configure a Python >> installation. > > The point is that that TLS validation on/off isn't conceptually a Python level > configuration option, that's going to be a per application configuration > option. The monkeypatching is simply an escape hatch to give people time to > update their applications (or pressure whoever wrote the application) to > support the configuration option that really belongs at the application > level. It *should* feel improper because the entire concept of a Python level > on/off switch isn't proper and making it feel more proper by adding an > official > API or config file for doing it is only giving footguns out to people.
People upgrading to a new patch level Python release will *not* expect or want to have to change their application to adapt to it. That's simply not within the scope of a patch level release. Furthermore, old applications such as Zope will (most likely) not receive such updates. Please accept that there's a whole universe out there where people don't continually update their applications, but still want to benefit from bug fixes to their underlying libs and tools. The world is full of legacy systems, regardless of whether we like it or not. There's no good or bad about this. It's just a fact of life. What I'm arguing for is a way for admins of such older systems to be able to receive bug fixes for Python 2.7.x *without* having to change the applications. Using an environment setting and adding that to the application's user account settings is an easy way to resolve the issue in situations where other options are not feasible or simply not deemed needed (Zope has been working without any egg verification for years). -- Marc-Andre Lemburg eGenix.com _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
