[Python-Dev] Enable Hostname and Certificate Chain Validation

[Chris Angelico]

On Wed, Jan 22, 2014 at 11:15 PM, Donald Stufft <donald at stufft.io> wrote:
> Do you really think those people would be making the same complaints
> if they could restore the previous behavior with a simple boolean flag
> delivered either via environment variable or in their own code?

You assume that it's easy to tweak the code. From personal experience
just today I can say that this isn't always the case. I was asked a
question about an internal program that had been in use since the late
1990s, and which had originally been written to work with Netscape
Navigator and had been updated to work with Firefox, but not Chrome.
The original author is still around, but it's too much hassle to get
that code dug into, so it's far easier just to accept a small issue
with Chrome (since the program's not used very often anyway). But if
Chrome had completely broken that program, the solution would simply
be "keep using Firefox", not "fix the program" - it's not considered a
bug.

Now, maybe it wouldn't be a problem if the fix is an environment
variable, but imagine a thousand-computer deployment and you have to
tweak the environment on all of them. Feel like doing that just
because the newest Python needs it? Not so much.

ChrisA