On Jun 3, 2013, at 1:07 PM, Barry Warsaw <barry@python.org> wrote:

On Jun 03, 2013, at 02:17 PM, Donald Stufft wrote:

I'd actually prefer for Linux to not use the bundled certs when installed
from a package manager because it should use the system certs, but people
can't depend on certs being there if they are only there on linux.

I think we agree on that.

Adding them into Python means people _can_ depend on them being there, and
Windows and other systems without system integrators to modify it to use the
system store will still get certs and Ubuntu can make it just work().

Again, I think PEP 431 provides a pretty good model for how this should be
done.  Maybe it's worth factoring out this specific part of PEP 431 into an
informational PEP?

Looks fine to me minus the not updating in security releases (but that's just
a difference in the type of data).


This would probably (eventually) make the bundling of certificates better
too.

Meaning that once it's been in long enough people are willing to depend on
it, they won't need to bundle their own certs and ubuntu/debian can just
modify the one location instead of needing to modify it for every package
that does it.

Can we do the same for the JavaScript libraries? :)

-Barry


-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA