Author pitrou
Recipients Arfrever, barry, benjamin.peterson, christian.heimes, eric.araujo, fweimer, icordasc, jcea, loewis, naif, pitrou
Date 2013-07-08.11:56:41
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <187543472.150551967.1373284595430.JavaMail.root@zimbra10-e2.priv.proxad.net>
In-reply-to <1373240155.89.0.67198978521.issue13655@psf.upfronthosting.co.za>
Content
> I think we can improve the situation with shipping our own CA certs.
> Almost every operating system or distribution comes with a set of CA
> certs.

Why would we ship our own CA certs if every OS comes with CA certs?

> I lots of Linux distributions and most BSD systems. All except
> FreeBSD install CA certs by default. A fresh FreeBSD systems doesn't
> have certs but ``pkg_add -r ca-root-nss`` fixes that.

Kudos to FreeBSD.
Anyway, isn't SSLContext.set_default_verify_paths() enough already?

> Here is a full list: [snip full list]

I don't think it's a good idea to maintain a list of hard-coded
paths in Python: it's not manageable, and it will always become
outdated. If there was a widely-respected standard (e.g. in FHS or
LSB), things would be a lot better.
History
Date User Action Args
2013-07-08 11:56:42pitrousetrecipients: + pitrou, loewis, barry, jcea, christian.heimes, benjamin.peterson, eric.araujo, Arfrever, naif, icordasc, fweimer
2013-07-08 11:56:42pitroulinkissue13655 messages
2013-07-08 11:56:41pitroucreate