[Python-Dev] Enable Hostname and Certificate Chain Validation

Donald Stufft donald at stufft.io
Wed Jan 22 19:50:37 CET 2014


On Jan 22, 2014, at 1:46 PM, Brian Curtin <brian at python.org> wrote:

> On Wed, Jan 22, 2014 at 12:10 PM, John Yeuk Hon Wong
> <gokoproject at gmail.com> wrote:
>> On 1/22/14 8:16 AM, Nick Coghlan wrote:
>>> 
>>> Which is exactly the way most non-web-specialists working inside the
>>> comfort of corporate and academic firewalls will react to a change that
>>> breaks their access to internal applications, where self-signed certs and
>>> improperly configured internal CAs are endemic (of course, that's assuming
>>> they're using HTTPS at all, which I admit is an optimistic assumption).
>> 
>> The number of people who are using 3.4+ in these environments is probably
>> very, very low, to be honest. I don't have a number to prove it, but in that
>> environment people are more likely to still be using 2.6+. I think a
>> deprecation in 2.7+ would be nice, but going forward we should just enable it
>> by default.
>> 
>> When requests changed property calls (e.g. requests.json) to a callable
>> instead of an attribute (from requests.json to requests.json()), I was
>> shocked. I had to figure it out by Googling it. I found out from a GitHub
>> issue....
>> 
>> I think a hard fail is somehow necessary.
>> 
>> Also, a lot of people overlook deprecation warnings. They either don't
>> care or don't see them. I see a lot of deprecation warnings in the older
>> applications I write, but I couldn't care less until it breaks. So as we move
>> forward, we can break it. For those stuck behind, deprecation is the right
>> approach.
> 
> They're disabled by default, so a lot of people simply don't know they
> exist because they also don't read the documentation.

Ironically, this is the exact reason why validation should happen by default :]


-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
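
Added example, not part of this thread or of CPython's own code, to make concrete what "hostname and certificate chain validation" means in the stdlib ssl module. The two checks are separate settings: verify_mode controls whether OpenSSL validates the server's chain against the trust store (the self-signed and broken-internal-CA cases mentioned above fail here), and check_hostname controls whether the name you connected to is compared against the certificate's subjectAltName. The hostname matcher at the end is a simplified illustration of the RFC 6125 rules; since Python 3.7 the real matching is done by OpenSSL, and ssl.match_hostname is gone in 3.12. Assumes Python 3.7 or later; the certificate dict and host names are constructed for illustration, and no network access is needed.

```python
"""Chain validation vs. hostname validation in the ssl module (added example)."""
import ipaddress
import ssl

# Constructed to look like the dict SSLSocket.getpeercert() returns for a
# certificate issued to example.com; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (
        ("DNS", "*.example.com"),
        ("DNS", "example.com"),
        ("IP Address", "10.0.0.5"),
    ),
}


def describe(ctx: ssl.SSLContext) -> dict:
    """Report which of the two checks a context performs."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
    }


def validating_context() -> ssl.SSLContext:
    """The secure default: create_default_context() turns both checks on."""
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH)


def unverified_context() -> ssl.SSLContext:
    """What the old urllib/http.client behaviour amounts to: neither check.

    Order matters: check_hostname must be switched off before verify_mode
    can be lowered, otherwise the ssl module refuses (cert_none_is_refused).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def cert_none_is_refused() -> bool:
    """Setting CERT_NONE while check_hostname is still on raises ValueError."""
    ctx = validating_context()
    try:
        ctx.verify_mode = ssl.CERT_NONE
    except ValueError:
        return True
    return False


def check_hostname_upgrades_verify_mode() -> bool:
    """Enabling check_hostname on a CERT_NONE context raises verify_mode to
    CERT_REQUIRED (Python 3.7+): hostname checking without chain validation
    is meaningless, so the module does not allow that combination."""
    ctx = unverified_context()
    ctx.check_hostname = True
    return ctx.verify_mode == ssl.CERT_REQUIRED


def hostname_matches(cert: dict, hostname: str) -> bool:
    """Simplified RFC 6125 matching against subjectAltName (added example).

    - DNS names compare case-insensitively, label by label.
    - A '*' is honoured only as the entire leftmost label, matches exactly
      one label, and must leave at least two fixed labels ('*.com' is refused).
    - An IP address in `hostname` only matches 'IP Address' entries.
    - The commonName is ignored, as modern validators do.
    """
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    if ip is not None:
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in sans)

    host_labels = hostname.lower().rstrip(".").split(".")
    for kind, value in sans:
        if kind != "DNS":
            continue
        pat_labels = value.lower().rstrip(".").split(".")
        if len(pat_labels) != len(host_labels):
            continue
        first, rest = pat_labels[0], pat_labels[1:]
        if any("*" in label for label in rest):
            continue  # wildcards outside the leftmost label are not honoured
        if first == "*":
            if len(rest) >= 2 and host_labels[0] and rest == host_labels[1:]:
                return True
        elif "*" not in first and pat_labels == host_labels:
            return True  # partial wildcards such as 'f*.example.com' are ignored
    return False
```

Running describe() on the two contexts shows the difference the thread is arguing about: create_default_context() reports both checks on, while the hand-built unverified context reports both off, and the only way to get there is to disable hostname checking first.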
