[Python-Dev] pip SSL

Donald Stufft donald at stufft.io
Sat Oct 26 15:28:59 CEST 2013


This pull request should solve this https://github.com/pypa/pip/pull/1256

On Oct 20, 2013, at 12:32 AM, Nick Coghlan <ncoghlan at gmail.com> wrote:

> On 20 October 2013 05:46, Ian Cordasco <graffatcolmingov at gmail.com> wrote:
>> Also the three of us maintaining requests and the author of urllib3
>> are all very conscious that the packaged pem file is outdated. We have
>> an open issue about how to rebuild it accurately while taking into
>> consideration (and not including) the ones that have been revoked. Any
>> suggestions you have can be sent to me off list or reported on the
>> issue tracker.
> 
> The requests issue Ian is referring to:
> https://github.com/kennethreitz/requests/issues/1659
> 
> The next version of PEP 453 will include getting this resolved as part
> of the integration timeline:
> 
> ========================
> * by December 29th (1 week prior to the scheduled date of 3.4.0 beta 2)
> 
>  ``requests`` certificate management issue resolved
>  ``ensurepip`` updated to the final release of pip 1.5, or a subsequent
>  maintenance release (including a suitably updated vendored copy of
>  ``requests``)
> ========================
> 
> And also mentions it under the "security considerations" section for
> the bootstrapping mechanism:
> 
> ========================
> Only users that choose to use ``pip`` to communicate with PyPI will
> need to pay attention to the additional security considerations that come
> with doing so.
> 
> However, the core CPython team will also assist with reviewing and
> resolving the `certificate update management issue
> <https://github.com/kennethreitz/requests/issues/1659>`__ currently
> affecting the ``requests`` project (and hence ``pip``).
> ========================
> 
> Regards,
> Nick.
> 
> -- 
> Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia


-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
