[Python-Dev] pip SSL
Donald Stufft
donald at stufft.io
Sat Oct 26 15:28:59 CEST 2013
This pull request should solve this: https://github.com/pypa/pip/pull/1256
On Oct 20, 2013, at 12:32 AM, Nick Coghlan <ncoghlan at gmail.com> wrote:
> On 20 October 2013 05:46, Ian Cordasco <graffatcolmingov at gmail.com> wrote:
>> Also the three of us maintaining requests and the author of urllib3
>> are all very conscious that the packaged pem file is outdated. We have
>> an open issue about how to rebuild it accurately while taking into
>> consideration (and not including) the ones that have been revoked. Any
>> suggestions you have can be sent to me off list or reported on the
>> issue tracker.
>
> The requests issue Ian is referring to:
> https://github.com/kennethreitz/requests/issues/1659
>
> The next version of PEP 453 will include getting this resolved as part
> of the integration timeline:
>
> ========================
> * by December 29th (1 week prior to the scheduled date of 3.4.0 beta 2)
>
> ``requests`` certificate management issue resolved
> ``ensurepip`` updated to the final release of pip 1.5, or a subsequent
> maintenance release (including a suitably updated vendored copy of
> ``requests``)
> ========================
>
> And also mentions it under the "security considerations" section for
> the bootstrapping mechanism:
>
> ========================
> Only users that choose to use ``pip`` to communicate with PyPI will
> need to pay attention to the additional security considerations that come
> with doing so.
>
> However, the core CPython team will also assist with reviewing and
> resolving the `certificate update management issue
> <https://github.com/kennethreitz/requests/issues/1659>`__ currently
> affecting the ``requests`` project (and hence ``pip``).
> ========================
>
> Regards,
> Nick.
>
> --
> Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA