Notwithstanding the deafening silence of this list, and following Eric Bray's advice, this is now Trac#22089 <https://trac.sagemath.org/ticket/22089>.
This ticket is marked "critical" (I feel personally that this should be a "blocker" ticket). Advice requested about whether : - patch our current python (2.7.10), or - upgrade our current python to, e. g. 2.7.11 (current in Debian testing) - or even to 2.7.12 (current in cygwin) or 2.7.13 (current python.org's release, but only 5 days old). HTH, -- Emmanuel Charpentier Le lundi 19 décembre 2016 11:28:28 UTC+1, Erik Bray a écrit : > > On Sat, Dec 17, 2016 at 9:18 AM, Emmanuel Charpentier > <emanuel.c...@gmail.com <javascript:>> wrote: > > Still pursuing our SSL curse (see this thread among others ; and, BTW, > > Trac#22058 needs review), I noted that I was unable to get a functional > pip > > on any "new" installation (e. g. a virtual machine with Debian testing). > > > > The build logs (see included file) showed that the _ssl extension > doesn't > > compile cleanly, with symptoms similar to those seen in git. > > > > If I understand it correctly, any attempt to install Sage on a machine > with > > OpenSSL>=1.1 (i. e. all major distributions, AFAICT, except the antique > > Debian "stable"), is doomed to have serious problems communicating over > > SSL/HTTPS. > > > > However, existing installations can use OpenSSL runtime library >=1.1, > which > > is still binary-compatible. What has changed is the way the macros > defined > > in the development libraries are used to declare SSL-related types. > > > > A bit of Googling led me to this Python bug, which seems relevant (and > offer > > a solution). Questions : > > > > Is this ticket-worthy ? (IMHO, it's a damn *blocker* bug...) > > Should we : > > > > just port the proposed patch, or > > upgrade python to , e. g., 2.7.11-2 (current in Deboan testing, ours is > > 2.7.10.3) ? > > > > > > Advice ? Votes ? > > Looks to me like the OpenSSL 1.1 fix for Python was merged and > backported to the 2.7.x branch as well, being obviously > security-critical, though a new 2.7.x release hasn't come out yet. > I'd be surprised if that patch hasn't already been backported by the > major distros. But in any case I agree we should pull that patch into > sage as well. I agree there should be a ticket. > -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.
