bpo-43466: Add -Wl,--exclude-libs to ssl by tiran · Pull Request #24989 · python/cpython
As the new RM do you want to commit to the same release policy? (please say: "no").
I say "no" :)
I'm strong -1. This feature is already beyond what I originally wanted to commit to.
If you are -1, let's not do it. I trust your judgement here.
Your request would make things even more complicated. I really don't want to support static linking because I have neither time nor motivation to deal with the additional support overhead. Static linking of OpenSSL has negative consequences for security: you cannot easily update.
I think also that there is some misunderstanding in what I am trying to suggest here. I will try to explain it better:
- I don't want us to officially support static linking if we don't want to.
- I don't want to statically link by default.
- I don't want us to support many ways to do things.
What I want here is to offer some safe enough alternative to those users that need to download their own version of OpenSSL in an environment where OpenSSL 1.0.2 is present. We don't need to officially support it, but I think we need to offer a way so this can be achieved without having to patch CPython. The reason this may be more important is due to the fact that shortly after 3.10 is released 3.9 will lose bugfix support so users in this situation will have no way to use a bugfix-supported Python.
I don't have special interest in pushing one solution or the other: I am trying to explain the concerns that exist in the general ecosystem. You are our trusted expert in SSL and security and we trust you and your judgement.
Please, understand that my comments are suggestions and general questions so we can provide a good experience for everyone, they are not requirements or something you need to act on now :)