[Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
Barry Warsaw
barry at python.org
Mon Jun 3 18:48:36 CEST 2013
More information about the Python-Dev mailing list
On Jun 03, 2013, at 09:05 AM, Ben Darnell wrote:

>The data is analogous to the time zone database (PEP 431) in that it may
>need to be updated independently of Python's own release schedule, so we
>may want to use similar techniques to manage both. Also see certifi (
>https://pypi.python.org/pypi/certifi), which is a copy of the Mozilla list
>in a pip-installable form.

Right, this is very much analogous, except with the additional twist that out-of-date certificates can pose a significant security risk.

I'm fairly certain that Debian and Ubuntu would explicitly not use any certificates shipped with Python, for two main reasons: 1) our security teams already manage the certificate store distro-wide and we want to make sure that one update fixes everything; 2) we don't want to duplicate code in multiple packages[1].

So *if* Python decides to do this (and I'm -0, but from a decidedly Linux-distro bias), it must be easily disabled. I generally like the way PEP 431 handles the tzdata, so I think we should do the same here.

-Barry

[1] This gives us headaches in upstreams like coverage caused by bundling externally available JavaScript libraries, or like urllib3 bundling chardet and urllib3, not to mention their own certificates yet again. :(