[Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)

[Ben Hoyt]

> The situation for certs is probably fairly parallel:  on unix, it would
> probably be an advantage as Python would automatically follow distro
> decisions about cert chains, while on windows trying to use a system
> cert store would probably be a disaster.

Yeah, fair enough. If it's stable and just works on Linux, this would
be an advantage.

> An application can choose to explicitly ignore the system mimetypes
> file, by the way.

My main concern is that it could be broken out of the box on Windows
(mimetypes currently is), and callers have to go out of their way to
find this workaround.

I'm not familiar with Unix/Linux, but on Windows, if it's anything
like mimetypes it'll be really hard to get consistent behaviour across
different boxes/versions from the registry, or wherever certs might be
stored on Windows. I'd much rather have a slightly outdated but
consistent experience by default.

-Ben