On Jun 3, 2013, at 5:51 AM, Antoine Pitrou <solipsis@pitrou.net> wrote:

On Mon, 3 Jun 2013 21:37:10 +1200
Ben Hoyt <benhoyt@gmail.com> wrote:

I'm not familiar with Unix/Linux, but on Windows, if it's anything
like mimetypes it'll be really hard to get consistent behaviour across
different boxes/versions from the registry, or wherever certs might be
stored on Windows. I'd much rather have a slightly outdated but
consistent experience by default.

The problem with a "slightly outdated" CA store is that it can be a
security risk.



Python-Dev mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-dev/donald%40stufft.io

Tracking the Mozilla store isn't difficult. New additions can be ignored for currently released Pythons so we'd just need to watch them for blacklisting certs and roll that into a security update.

Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA