[Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)

Barry Warsaw barry at python.org
Mon Jun 3 19:07:00 CEST 2013


On Jun 03, 2013, at 02:17 PM, Donald Stufft wrote:

>I'd actually prefer for Linux to not use the bundled certs when installed
>from a package manager because it should use the system certs, but people
>can't depend on certs being there if they are only there on Linux.

I think we agree on that.

>Adding them into Python means people _can_ depend on them being there, and
>Windows and other systems without system integrators to modify it to use the
>system store will still get certs and Ubuntu can make it just work(™).

Again, I think PEP 431 provides a pretty good model for how this should be
done.  Maybe it's worth factoring out this specific part of PEP 431 into an
informational PEP?

>This would probably (eventually) make the bundling of certificates better
>too.
>
>Meaning that once it's been in long enough people are willing to depend on
>it, they won't need to bundle their own certs and Ubuntu/Debian can just
>modify the one location instead of needing to modify it for every package
>that does it.

Can we do the same for the JavaScript libraries? :)

-Barry