Hey, I did a local pip install of the requests file to take a look at the cacert.pem file. It would appear that it is a copy of all the main certificate authorities for use with SSL, so it would be rather large.
I was a little concerned to see other posts online (https://mail.python.org/pipermail/python-dev/2013-October/129755.html) that mentioned things like being slightly out of date, ignoring checks for revoked certs, and whatnot, so they seem a little on the slow side on the update end of things.

I can't (won't) verify the actual authenticity of all of those certs to prove that they aren't "fake" or anything, but probably minor since only HTTPS requests using this lib would be able to be MITM'd if there were some fakes in there (unless they found a way to install into your browser storage via another script since users generally have full access to their own browser settings, for example).

Personally I wish they would set this up to point at the system-maintained certs, but these paths vary too much across OSes and would require root access.

If you ask me, it is a can of worms to install CA files onto a user's system as that is half of the attack (getting the file on someone's computer, the second being to install it in the proper place and MITM a user's connection).

Wouldn't it be better to leave it out and tell the user that if they want SSL, they should configure the library to point at the system-wide certs instead?

Dan

On Mon, Feb 17, 2014 at 10:35 PM, Campbell Barton <[email protected]> wrote:

> This is coming a bit late in the release cycle, but I've been asked to
> review an addon for Sketchfab, to see if we can include in 2.70.
>
> The addon itself is quite small and won't be enabled by default,
> however it's using a python module called `requests`.
>
> Most likely this can be used by other scripts too since it's a popular
> module.
>
> Bundling this isn't such a problem since this is pure python (just zip
> it up and include in lib/ for OSX, MS-Windows, Linux can copy
> from Python's install dir).
>
> However this will take some work to update scons and cmake, and
> testing it works.
>
> There's the issue of increased size, did a quick test and it bzip2's
> down to 342kb,
> Though much of the space is used by `cacert.pem`, without that file it's
> 180kb
>
> I did a quick check and seems that file is optional since you can use
> cacerts provided by the system instead (but not totally sure at the
> point).
>
>
> So I'm proposing to include the Python module,
> I'll set up SCons and CMake for Linux and Windows and upload requests
> archive to lib/, but will need someone else to handle OSX or at least
> test it works ok.
>
>
> To be clear, Blender won't execute anything extra by default on
> startup, this just makes a Python module available for scripts to use
> if they need, and increases Blender's download size.
>
> ---
>
> Extra info.
>
> Addon URL if anyone's interested:
> https://developer.blender.org/D321
>
> Requests website:
> http://requests.readthedocs.org
> --
> - Campbell
> _______________________________________________
> Bf-committers mailing list
> [email protected]
> http://lists.blender.org/mailman/listinfo/bf-committers
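
The option discussed in this thread, pointing `requests` at the system-wide CA store instead of the bundled `cacert.pem`, could look like the following. This is an added example, not code from the thread, from `requests` or from Blender; the candidate paths are commonly used locations and the helper names (`find_system_ca_bundle`, `get_with_system_cas`) are hypothetical.

```python
import os
import ssl

# Commonly used system CA bundle locations (assumed; they differ per OS).
SYSTEM_CA_CANDIDATES = [
    "/etc/ssl/certs/ca-certificates.crt",      # Debian, Ubuntu
    "/etc/pki/tls/certs/ca-bundle.crt",        # Fedora, RHEL, CentOS
    "/etc/ssl/ca-bundle.pem",                  # openSUSE
    "/etc/ssl/cert.pem",                       # macOS, OpenBSD, Alpine
    "/usr/local/share/certs/ca-root-nss.crt",  # FreeBSD
]
PEM_MARKER = b"-----BEGIN CERTIFICATE-----"


def looks_like_ca_bundle(path):
    """True if path is a readable file holding at least one PEM certificate."""
    try:
        with open(path, "rb") as fh:
            return PEM_MARKER in fh.read()
    except OSError:
        return False


def find_system_ca_bundle(candidates=None, environ=None):
    """Return the first usable CA bundle: env overrides, OpenSSL default, known paths."""
    environ = os.environ if environ is None else environ
    ordered = [environ.get("REQUESTS_CA_BUNDLE"), environ.get("SSL_CERT_FILE")]
    if candidates is None:
        ordered.append(ssl.get_default_verify_paths().cafile)
        ordered.extend(SYSTEM_CA_CANDIDATES)
    else:
        ordered.extend(candidates)
    for path in ordered:
        if path and looks_like_ca_bundle(path):
            return path
    return None


def get_with_system_cas(url, **kwargs):
    """GET url with requests, verifying only against the system CA store."""
    import requests  # imported lazily so the lookup above works without it
    bundle = find_system_ca_bundle()
    if bundle is None:
        # Fail closed: never fall back to verify=False.
        raise RuntimeError("no system CA bundle found; refusing to connect")
    return requests.get(url, verify=bundle, **kwargs)
```

On platforms without a PEM bundle on disk the lookup returns `None`, so the request is refused rather than sent unverified.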
