Message 200455 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	gvanrossum
Recipients	christian.heimes, gvanrossum, pitrou
Date	2013-10-19.18:01:05
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<CAP7+vJLnP0dkzEVedcZeTcLhr7S3r2VAeXotp5nn4YQ876pnvA@mail.gmail.com>
In-reply-to	<1382202490.54.0.300750130537.issue19292@psf.upfronthosting.co.za>

Content
No, please let's not get in the business of shipping certs. Please not. There should be only one place per system where sysadmins have to update certs. It would not scale if every language implementation were to have its own set of certs. Trusting only certs already on the system sounds fine. Reading certs from memory sounds like a good start no matter whether we manage to get the rest working, so please prioritize that. The next step should be fixing set_default_verify_paths() for Windows (at least for somewhat recent versions). On OS X it becomes a priority once the default build no longers use the system openssl.

No, please let's not get in the business of shipping certs. Please not.
There should be only *one* place per system where sysadmins have to update
certs. It would not scale if every language implementation were to have its
own set of certs.

Trusting only certs already on the system sounds fine.

Reading certs from memory sounds like a good start no matter whether we
manage to get the rest working, so please prioritize that.

The next step should be fixing set_default_verify_paths() for Windows (at
least for somewhat recent versions).

On OS X it becomes a priority once the default build no longers use the
system openssl.

History
Date	User	Action	Args
2013-10-19 18:01:06	gvanrossum	set	recipients: + gvanrossum, pitrou, christian.heimes
2013-10-19 18:01:06	gvanrossum	link	issue19292 messages
2013-10-19 18:01:05	gvanrossum	create