[Python-Dev] SSL certificates recommendations for downstream python packagers
Paul Moore
p.f.moore at gmail.com
Tue Jan 31 04:56:28 EST 2017
More information about the Python-Dev mailing list
Tue Jan 31 04:56:28 EST 2017
- Previous message (by thread): [Python-Dev] SSL certificates recommendations for downstream python packagers
- Next message (by thread): [Python-Dev] SSL certificates recommendations for downstream python packagers
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 31 January 2017 at 09:19, Cory Benfield <cory at lukasa.co.uk> wrote: > > In general, it is unwise to mix trust stores. If you want to use your OS’s > trust store, the best approach is to use the OS’s TLS stack as well. At > least that way when a user says “It works in my browser”, you know it should > work for you too. As a bystander (and an "end user" of this stuff) the message I'm getting here is a bit worrying. To take a step back from the sysadmin issues here, is the statement It's safe to use Python (either via the stdlib, or various 3rd party libraries like requests) to access https URLs correct? I understand that "safe" is a complex concept here, but in terms of promoting Python, I'd be using the term in the sense of "at least as acceptable as using something like C# or Java" - in other words I'm not introducing any new vulnerabilities if I argue for Python over one of those languages? Paul
- Previous message (by thread): [Python-Dev] SSL certificates recommendations for downstream python packagers
- Next message (by thread): [Python-Dev] SSL certificates recommendations for downstream python packagers
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list