[Python-Dev] Proposed schedule for 3.4.2

Barry Warsaw barry at python.org
Tue Sep 9 00:28:46 CEST 2014

On Sep 09, 2014, at 08:20 AM, Nick Coghlan wrote:

>We could actually make it an "official" hack:
>    import urllib.request
>    urllib.request.urlopen = urllib.request._unverified_urlopen
>Or else the user can just change the code to call the unverified one
>All we'd have to do is keep the existing version that doesn't validate
>certs properly around under the name "_unverified_urlopen".
>I like this for a few reasons:
>1. It doesn't get much easier than calling function A instead of function B
>2. Monkeypatching lets you do a process global hack
>3. The name tells you exactly why this is a bad idea
>4. It's easy to grep for later after you fix your certs
>5. The leading underscore acts as a strong "keep away" signal
>6. The leading underscore makes it clear this function may not always be
>available (e.g. Jython, older versions of Python)

+1.  This would also make it easy to mock in a context manager if you just
wanted to ignore certs for a small section of code.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140908/3da7b545/attachment.sig>

More information about the Python-Dev mailing list