Seth Michael Larson
Seth Michael Larson
Thanks for bringing this to our attention. Instead of dropping PySocks has there been any recent attempt to contact @Anorov? I'd prefer going the route of keeping PySocks maintained instead...
I've reached out to @Anorov via email.
- I'm in favor of dropping support for OpenSSL
It'd be interesting to see which flavors of Linux are both using OpenSSL
From this link: https://repology.org/project/openssl/versions Linux flavors of interest: - AlmaLinux 8 (OpenSSL 1.0.2 / 1.1.1) - AlmaLinux 9 (OpenSSL 3.0) - Alpine 3.8 (OpenSSL 1.0.2) - Alpine 3.9+ (OpenSSL 1.1.1+)...
@pquentin Brought up the case where a downstream packaged pip unbundles urllib3, if the user were to upgrade their system's installation of urllib3 they'd essentially brick their system and not...
True, so the system would also have to have Python 3.7-3.9 installed to have this issue since urllib3 v2.0 requires 3.7+ and 3.10 requires OpenSSL 1.1.1+.
Probably not. Outside of anyone else bringing a good reason for us to support OpenSSL 1.1.0 or earlier we're going to drop support of OpenSSL
Some more arguments for using our v2.0 boundary to drop LibreSSL ahead of the PEP 644 schedule: - We don't test LibreSSL at all today. We're making large changes to...
Given all the above reasons I'm in favor of explicitly raising an error for urllib3 v2.0 when a non-OpenSSL `ssl` module is detected.