Message240062
I agree with Donald on all points. This shouldn't be done at the language level at all (why should it apply only to Python-written tools?). Having a centralized setting saying "I relinquish security on HTTPS accesses" sounds like a bad idea. And if this is solely for the "support legacy systems" business of some vendors, then it sounds like it may be close to Alex's post here :-)
https://alexgaynor.net/2015/mar/30/red-hat-open-source-community/
It's already possible to disable HTTPS certificate checking by using the right SSLContext options, at least with urllib and http.client. |
|
Date |
User |
Action |
Args |
2015-04-04 11:08:32 | pitrou | set | recipients:
+ pitrou, barry, doko, ncoghlan, janssen, vstinner, alex, r.david.murray, bkabrda, dstufft, rkuska |
2015-04-04 11:08:32 | pitrou | set | messageid: <1428145712.72.0.915835001396.issue23857@psf.upfronthosting.co.za> |
2015-04-04 11:08:32 | pitrou | link | issue23857 messages |
2015-04-04 11:08:32 | pitrou | create | |
|