[Python-Dev] PEP 476: Enabling certificate validation by default!
Antoine Pitrou
antoine at python.org
Sun Aug 31 20:37:50 CEST 2014
More information about the Python-Dev mailing list
Sun Aug 31 20:37:50 CEST 2014
- Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Le 31/08/2014 20:28, Paul Moore a écrit : > > I can't see how that would be something the application would know. > For example, pip allows me to specify an "alternate cert bundle" but > not a single additional cert. So IIUC, I can't use my local index that > serves https using a self-signed cert. I'd find it hard to argue that > it's pip's responsibility to think of that use case - pretty much any > program that interacts with a web service *might* need to interact > with a self-signed dummy version, if only under test conditions. Well, it's certainly pip's responsibility more than Python's. What would Python do? Provide a setting that would blindly add a cert for all uses of httplib? pip knows about the use cases here, Python doesn't. (perhaps you want to serve your local index using http, though) Regards Antoine.
- Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list