[Python-Dev] PEP476: Enabling certificate validation by default

Alex Gaynor alex.gaynor at gmail.com
Sat Sep 20 17:54:56 CEST 2014

Done and done.


On Fri, Sep 19, 2014 at 4:13 PM, Guido van Rossum <guido at python.org> wrote:

> +1 on Nick's suggestion. (Might also mention that this is the reason why
> both functions should exist and have compatible signatures.)
> Also please, please, please add explicit mention of Python 2.7, 3.4 and
> 3.5 in the Abstract (for example in the 3rd paragraph of the abstract).
> On Fri, Sep 19, 2014 at 3:52 PM, Nick Coghlan <ncoghlan at gmail.com> wrote:
>> On 20 September 2014 08:34, Alex Gaynor <alex.gaynor at gmail.com> wrote:
>> > Pushed a new version which I believe adresses all of these. I added an
>> > example of opting-out with urllib.urlopen, let me know if there's any
>> other
>> > APIs you think I should show an example with.
>> It would be worth explicitly stating the process global monkeypatching
>> hack:
>>     import ssl
>>     ssl._create_default_https_context = ssl._create_unverified_context
>> Adding that hack to sitecustomize allows corporate sysadmins that can
>> update their standard operating environment more easily than they can
>> fix invalid certificate infrastructure to work around the problem on
>> behalf of their users. It also helps out users that will be able to
>> deal with such broken infrastructure without updating each and every
>> one of their scripts.
>> It's deliberately ugly because it's a genuinely bad idea that folks
>> should want to avoid using, but as a matter of practical reality,
>> corporate IT departments are chronically understaffed, and often fully
>> committed to fighting the crisis du jour, without sufficient time
>> being available for regular infrastructure maintenance tasks.
>> Regards,
>> Nick.
>> --
>> Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia
> --
> --Guido van Rossum (python.org/~guido)

"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140920/1db1d7c0/attachment.html>

More information about the Python-Dev mailing list