Author gvanrossum
Recipients christian.heimes, gvanrossum, pitrou
Date 2013-10-19.18:01:05
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <CAP7+vJLnP0dkzEVedcZeTcLhr7S3r2VAeXotp5nn4YQ876pnvA@mail.gmail.com>
In-reply-to <1382202490.54.0.300750130537.issue19292@psf.upfronthosting.co.za>
Content
No, please let's not get in the business of shipping certs. Please not.
There should be only *one* place per system where sysadmins have to update
certs. It would not scale if every language implementation were to have its
own set of certs.

Trusting only certs already on the system sounds fine.

Reading certs from memory sounds like a good start no matter whether we
manage to get the rest working, so please prioritize that.

The next step should be fixing set_default_verify_paths() for Windows (at
least for somewhat recent versions).

On OS X it becomes a priority once the default build no longers use the
system openssl.
History
Date User Action Args
2013-10-19 18:01:06gvanrossumsetrecipients: + gvanrossum, pitrou, christian.heimes
2013-10-19 18:01:06gvanrossumlinkissue19292 messages
2013-10-19 18:01:05gvanrossumcreate