This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author r.david.murray
Recipients alex, barry, bkabrda, doko, dstufft, janssen, ncoghlan, pitrou, r.david.murray, rkuska, vstinner
Date 2015-04-03.14:08:56
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1428070136.58.0.0882870011605.issue23857@psf.upfronthosting.co.za>
In-reply-to
Content 
I do not understand why the vendors want to re-introduce a security hole.

I understand that it causes issues using legacy software to communicate with sites that don't verify, but I think that the correct solution to this is disabling verification on a per-transaction basis, similar to how wget and curl have command line options for.   For Python I think this would mean an environment variable.  I believe I suggested or supported this before and it was rejected (I don't particularly remember why).

If you want to make it config file driven it ought to be keyed by site, not by protocol, IMO, and that seems like a suspect thing to put in a global configuration file.

Introducing a global config file for Python is a significant architectural change, and merits a careful discussion (and probably a PEP).

I don't think it is particularly useful to have this as a tracker issue at this stage.
History
Date User Action Args
2015-04-03 14:08:56r.david.murraysetrecipients: + r.david.murray, barry, doko, ncoghlan, janssen, pitrou, vstinner, alex, bkabrda, dstufft, rkuska
2015-04-03 14:08:56r.david.murraysetmessageid: <1428070136.58.0.0882870011605.issue23857@psf.upfronthosting.co.za>
2015-04-03 14:08:56r.david.murraylinkissue23857 messages
2015-04-03 14:08:56r.david.murraycreate