On Mon, Nov 23, 2015 at 5:56 PM, Nick Coghlan <ncoghlan@gmail.com> wrote:

On 24 November 2015 at 06:47, Wes Turner <wes.turner@gmail.com> wrote:
> 1. Does this affect easy_install?

easy_install has validated certificates since distribute was merged
back into the project as part of setuptools 0.7 [1], and aside from
one issue with HTTPS tunnelling [2], the certificate verification code
has been stable since setuptools 1.3 [3].

Got it; thanks.

* https://bitbucket.org/pypa/setuptools/src/tip/setuptools/ssl_support.py

> 2. If/because this affects easy_install,
> should the guidance / suggested package installation tool be [pip];
> because pip install_requires backports.ssl_match_hostname

setuptools/easy_install uses backports.ssl_match_hostname if it's
available, and otherwise has its own implementation.

* setuptools 0.7 [src] -- 2013-06-?? -- https://bitbucket.org/pypa/setuptools/src/7f2c08e9/?at=0.7

* setuptools 0.7 [distro] -- 201X-XX-XX [see: whohas, ]

Setuptools latest is now at version 18.5 (2015-11-02).

Cheers,
Nick.

[1] https://pythonhosted.org/setuptools/history.html#id159
[2] https://pythonhosted.org/setuptools/history.html#id80
[3] https://pythonhosted.org/setuptools/history.html#id123

--
Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia