[Python-Dev] SSL certificates recommendations for downstream python packagers

Paul Moore p.f.moore at gmail.com
Tue Jan 31 10:16:13 EST 2017


On 31 January 2017 at 14:54, Cory Benfield <cory at lukasa.co.uk> wrote:
>
> So C# applications are Windows-native safe on Windows, and are a crapshoot elsewhere. For Java vs Python, I’d say we’re slightly ahead right now.

That's precisely the sort of answer I was after. Many thanks. The
additional detail is interesting, but starts being scary again. I
think the "advantage" languages like Java has is that no-one really
discusses the details - so it seems like things are fine - but it
devolves into a "how do we get this to work?" mess if you try to do
anything hard. That's not a real advantage, but unfortunately politics
often trumps technical accuracy in my area of work :-( (My job is
often to make technically correct politically acceptable - who knew
that's what "coding" really was?)

> Again, the long-term solution to this fix is to allow us to use SChannel and SecureTransport to provide TLS on the relevant platforms. This will also let people use GnuTLS or NSS or whatever other TLS implementations float their boat on other Unices. I’ll be bringing a draft PEP in front of python-dev sometime in the next month to start this work: if you’re interested, I recommend helping out with that process!

That sounds fantastic. I'm not sure how much I'd be able to help,
beyond whining "but I don't care about all this, just make it work and
make it eeeeasyyyyyy" :-) but I'll certainly watch the discussions and
do what I can.

Thanks,
Paul


More information about the Python-Dev mailing list