[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openembedded-core
Subject:    [OE-core] [PATCH v2 0/1] Python: Upgrade from 2.7.3 to 2.7.9
From:       ross.burton () intel ! com (Burton, Ross)
Date:       2015-02-27 16:07:20
Message-ID: CAJTo0LbPVzhW9C7e3-2J45Yc5HiTEsby=c95PuaCRhF+bV01tQ () mail ! gmail ! com
[Download RAW message or body]

On 27 February 2015 at 13:47, Peter Urbanec <openembedded-devel at urbanec.net>
wrote:

> I think it may be a good idea to keep python 2.7.3 packages in oe-core
> because a move from 2.7.3 to 2.7.9 is likely to break some systems. At
> least in terms of item 1, we have a large potential for breakage, since the
> SSL cert checking will break anything that uses self-signed SSL certs for
> HTTPS without deploying the correct CA to the client systems. As far as I
> can tell, there is no system wide override for this behaviour.


IIRC the general argument is if that if you're assuming a self-signed
certification is valid, you've lost so much security.  We're in the middle
of a development cycle so this will only impact people using or moving to
1.8.

I've just verified that python-imaging works for me (and works on the
autobuilders), so if you can replicate the failure on demand that filing a
bug would be useful.

Ross
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20150227/6154b053/attachment.html>



[prev in list] [next in list] [prev in thread] [next in thread]