[Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
Donald Stufft
donald at stufft.io
Mon Jun 3 21:06:56 CEST 2013
More information about the Python-Dev mailing list
Mon Jun 3 21:06:56 CEST 2013
- Previous message: [Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
- Next message: [Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Jun 3, 2013, at 1:07 PM, Barry Warsaw <barry at python.org> wrote: > On Jun 03, 2013, at 02:17 PM, Donald Stufft wrote: > >> I'd actually prefer for Linux to not use the bundled certs when installed >> from a package manager because it should use the system certs, but people >> can't depend on certs being there if they are only there on linux. > > I think we agree on that. > >> Adding them into Python means people _can_ depend on them being there, and >> Windows and other systems without system integrators to modify it to use the >> system store will still get certs and Ubuntu can make it just work(™). > > Again, I think PEP 431 provides a pretty good model for how this should be > done. Maybe it's worth factoring out this specific part of PEP 431 into an > informational PEP? Looks fine to me minus the not updating in security releases (but that's just a difference in the type of data). > >> This would probably (eventually) make the bundling of certificates better >> too. >> >> Meaning that once it's been in long enough people are willing to depend on >> it, they won't need to bundle their own certs and ubuntu/debian can just >> modify the one location instead of needing to modify it for every package >> that does it. > > Can we do the same for the JavaScript libraries? :) > > -Barry ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20130603/77894bd5/attachment-0001.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://mail.python.org/pipermail/python-dev/attachments/20130603/77894bd5/attachment-0001.pgp>
- Previous message: [Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
- Next message: [Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list