On Sat, Dec 17, 2016 at 9:18 AM, Emmanuel Charpentier
<emanuel.charpent...@gmail.com> wrote:
> Still pursuing our SSL curse (see this thread among others; and, BTW,
> Trac#22058 needs review), I noted that I was unable to get a functional pip
> on any "new" installation (e.g. a virtual machine with Debian testing).
>
> The build logs (see included file) showed that the _ssl extension doesn't
> compile cleanly, with symptoms similar to those seen in git.
>
> If I understand it correctly, any attempt to install Sage on a machine with
> OpenSSL>=1.1 (i.e. all major distributions, AFAICT, except the antique
> Debian "stable"), is doomed to have serious problems communicating over
> SSL/HTTPS.
>
> However, existing installations can use OpenSSL runtime library >=1.1, which
> is still binary-compatible. What has changed is the way the macros defined
> in the development libraries are used to declare SSL-related types.
>
> A bit of Googling led me to this Python bug, which seems relevant (and offers
> a solution). Questions:
>
> Is this ticket-worthy? (IMHO, it's a damn *blocker* bug...)
> Should we:
>
> just port the proposed patch, or
> upgrade python to, e.g., 2.7.11-2 (current in Debian testing, ours is
> 2.7.10.3)?
>
>
> Advice? Votes?

Looks to me like the OpenSSL 1.1 fix for Python was merged and
backported to the 2.7.x branch as well, being obviously
security-critical, though a new 2.7.x release hasn't come out yet.
I'd be surprised if that patch hasn't already been backported by the
major distros.  But in any case I agree we should pull that patch into
sage as well.  I agree there should be a ticket.
