[Twisted-Python] dropping old pyOpenSSL versions

Ray Cote rgacote at appropriatesolutions.com
Fri Jul 8 13:14:46 MDT 2016


On Thu, Jul 7, 2016 at 7:00 PM, Glyph Lefkowitz <glyph at twistedmatrix.com>
wrote:

> 2) How does this impact regulated industries?  In healthcare (my current
> industry), changing a library (especially cryptography) could mean:
>
>    - An internal review to select a new version of the library
>    - An internal change management process
>    - Technical testing (perhaps a 3rd party audit)
>    - A notification to clients of the change
>    - Secondary reviews/testing at clients
>
> The intensity of this process depends on the risk level of the system and
> this could be a long and complicated process for some organizations.  Seems
> like a more deliberate deprecation policy would make it easier to plan
> ahead.
>
>
Contrast this with a standard such as PCI (credit card security compliance)
where the assessors are required to check if you’re running the latest
version of all components.
Need to be up to date if you want to be compliant.



-- 
Raymond Cote, President
voice: +1.603.924.6079 email: rgacote at AppropriateSolutions.com skype:
ray.cote