undefined | Better HN

0 pointsskykooler9y ago0 comments

As it says in the article, Apple has not updated their system Python in a long time, so soon you will not be able to Pip install packages using system python.

0 comments

7 comments · 1 top-level

larkost9y ago· 6 in thread

The real issue is not that Apple has not updated Python, but rather that about 4 years ago Apple depreciated OpenSSL. So the OpenSSL library included on MacOS has not seen a major update since then (only back-ported fixes). The article does an o.k. job of explaining this in note 2, but fails to mention that this has been a known problem for over 4 years, and little has been done in the mean time. Only now that there is a looming deadline does there seem to be any motion on it, and it is obvious that they are going to miss the deadline.

I do think that they are missing a fairly simple solution for the majority of use cases: move things like `urllib2` to use `libcurl` underneath rather than OpenSSL. The CURL project has already solved this problem by being portable to things like Apple's CommonCrypto library and Window's security libraries.

I should also note that the article's suggested workarounds are less then ideal as both use versions of OpenSSL that do not consult the system keychain for root certificates, and so create strange problems that most people will not understand.

pvg9y ago

I do think that they are missing a fairly simple solution

That doesn't sound very simple at all. For one thing, it means the python runtime loses control over the http implementation it ships. It's also not obvious that libcurl provides an API that can do everything something like http.client can do. I think this is somewhere between 'not simple' and 'non-starter'.

vacri9y ago

I like how you phrase it so that it sounds like it's Python's fault that Apple is not supporting an open, cross-platform standard.

toyg9y ago

Rewriting all the network code to use libcurl is not gonna happen in such a short timeframe.

I expect the issue will be solved by linking and bundling a recent openssl, which is relatively trivial to do for only one platform.

pvg9y ago

That's already the solution. It's suboptimal.

maxerickson9y ago

Does libcurl provide the abstractions to make that transition simpler than directly adding support for the platform libraries to Python's TLS implementation?

to3m9y ago

I can't say for certain regarding this case specifically, but CURLOPT_CONNECT_ONLY (as I recall) does the TLS and proxy shenanigans, and then waits for you to say "HTTP 1.1" and so on. You can send and receive data using a BSD_socket-a-like API.

https://curl.haxx.se/libcurl/c/CURLOPT_CONNECT_ONLY.html

j / k navigate · click thread line to collapse

0 comments

7 comments · 1 top-level

larkost9y ago· 6 in thread

pvg9y ago

I do think that they are missing a fairly simple solution

vacri9y ago

I like how you phrase it so that it sounds like it's Python's fault that Apple is not supporting an open, cross-platform standard.

toyg9y ago

Rewriting all the network code to use libcurl is not gonna happen in such a short timeframe.

I expect the issue will be solved by linking and bundling a recent openssl, which is relatively trivial to do for only one platform.

pvg9y ago

That's already the solution. It's suboptimal.

maxerickson9y ago

Does libcurl provide the abstractions to make that transition simpler than directly adding support for the platform libraries to Python's TLS implementation?

to3m9y ago

https://curl.haxx.se/libcurl/c/CURLOPT_CONNECT_ONLY.html

j / k navigate · click thread line to collapse