Hello Donald,

On Thursday 05 June 2014 10:24:48 Donald Stufft wrote:
> You need pyasn1, pyopenssl, and ndg-httpsclient in order for the
> requests/urllib3 stuff to kick in.

Yes, of course: I was keeping an eye on all the needed packages.

> It’d probably be a sane idea to use recommends, at least on Python 2.x since
> using that also prevents CRIME and the like which Python 2.x is vulnerable
> to elsewise IIRC.

Thanks for pointing this out: for python-requests I will add to Recommends all
of the needed packages to ensure that SNI works as expected and to prevent
CRIME.

For python3-requests do you think it's needed to also add them to Recommends?
Upstream issue 20994[¹] is still open, but Python 3 supports SNI, and SSL
compression can be disabled, as reported on the issue, using OP_NO_COMPRESSION
(on python3 >= 3.3, but we have 3.4). I think using Suggests is fine in this
case.

I will add a README.Debian to explain clearly all of it.

Cheers,

[¹] http://bugs.python.org/issue20994

--
Daniele Tricoli 'Eriol'
http://mornie.org
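A way to check the two Python 3 properties mentioned in the message above (SNI support and `OP_NO_COMPRESSION`), as an added example that is not part of the original e-mail or of python-requests. It builds a ClientHello offline with the standard `ssl` module and parses it; the function names and the hostname `example.org` are assumptions made for illustration.

```python
import ssl

def client_hello(hostname):
    """Return the ClientHello bytes Python's ssl module would send (no network used)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.options |= ssl.OP_NO_COMPRESSION  # flag named in the message (Python >= 3.3)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client now waits for a ServerHello that never comes
    return outgoing.read()

def inspect_client_hello(data):
    """Extract the SNI hostname and the offered compression methods."""
    if len(data) < 44 or data[0] != 0x16 or data[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    pos = 5 + 4 + 2 + 32                                   # record hdr, handshake hdr, version, random
    pos += 1 + data[pos]                                   # skip session id
    pos += 2 + int.from_bytes(data[pos:pos + 2], "big")    # skip cipher suites
    count = data[pos]
    compression = list(data[pos + 1:pos + 1 + count])      # 0 is the "null" method
    pos += 1 + count
    end = pos + 2 + int.from_bytes(data[pos:pos + 2], "big")
    pos += 2
    sni = None
    while pos + 4 <= end:                                  # walk the extension list
        ext_type = int.from_bytes(data[pos:pos + 2], "big")
        ext_len = int.from_bytes(data[pos + 2:pos + 4], "big")
        body = data[pos + 4:pos + 4 + ext_len]
        if ext_type == 0:                                  # server_name extension
            name_len = int.from_bytes(body[3:5], "big")
            sni = body[5:5 + name_len].decode("ascii")
        pos += 4 + ext_len
    return {"sni": sni, "compression_methods": compression}

if __name__ == "__main__":
    print("ssl.HAS_SNI =", ssl.HAS_SNI)
    print(inspect_client_hello(client_hello("example.org")))
```

A client that sends the hostname in `server_name` and offers only compression method 0 has working SNI and gives a CRIME-style attack no TLS-level compression to measure.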