[Python-Dev] SSL certificates recommendations for downstreampython packagers

Stephen J. Turnbull turnbull.stephen.fw at u.tsukuba.ac.jp
Wed Feb 1 22:38:23 EST 2017

Cory Benfield writes:

 > The TL;DR is: I understand Christian’s concern, but I don’t think
 > it’s important if you’re very, very careful.

But AIUI, the "you" above is the end-user or admin of end-user's
system, no?  We know that they aren't very careful (or perhaps more
accurate, this is too fsckin' complicated for anybody but an infosec
expert to do very well).

I[1] still agree with you that it's *unlikely* that end-users/admins
will need to worry about it.  But we need to be really careful about
what we say here, or at least where the responsible parties will be

Thanks to all who are contributing so much time and skull sweat on
this.  This is insanely hard, but important.

[1]  Infosec wannabe, I've thought carefully but don't claim real

More information about the Python-Dev mailing list