It's not so much clear how to grab sources actually. Home page mentions release 2.3.0, but there's no release archive on the site and i don't really see tag in their repo.We could use latest master, but that i feel a bit paranoid to do because wouldn't b able to test.
Any thoughts here? On Tue, Feb 18, 2014 at 12:08 PM, Trouble Daemon <[email protected]>wrote: > Hey, > > I did a local pip install of the requests file to take a look at the > cacert.pem file. It would appear that it is a copy of all the main > certificate authorities for use with SSL, so it would be rather large. > > I was a little concerned to see other posts online ( > https://mail.python.org/pipermail/python-dev/2013-October/129755.html) > that > mentioned things like being slightly out of date, ignoring checks for > revoked certs, and what not, so they seem a little on the slow on the > update end of things. > > I can't (won't) verify the actual authenticity of all of those certs to > prove that they aren't "fake" or anything, but probably minor since only > HTTPS requests using this lib would be able to be MITM'd if there were some > fakes in there (unless they found a way to install into your browser > storage via another script since users generally have full access to their > own browser settings, for example). > > Personally I wish they would set this up to point at the system maintained > certs, but these paths vary too much on the OS's and would require root > access. If you ask me, it is a can of worms to install CA files on to a > users system as that is half of the attack (getting the file on someones > computer, the second being to install it in the proper place and MITM a > users connection). Wouldn't it be better to leave out and tell the user > that if they want SSL, they should configure the library to point at the > system wide certs instead? > > > Dan > > > > On Mon, Feb 17, 2014 at 10:35 PM, Campbell Barton <[email protected] > >wrote: > > > This is coming a bit late in the release cycle, but I've been asked to > > review an addon for Sketchfab, to see if we can include in 2.70. > > > > The addon its self is quite small and wont be enabled by default, > > however its using a python module called `requests`. > > > > Most likely this can be used by other scripts too since its a popular > > module. > > > > Bundling this isn't such a problem since this is pure python (just zip > > it up and include in lib/ for OSX, MS-Windows, Linux can copy from > > from Python's install dir). > > > > However this will take some work to update scons and cmake, and > > testing it works. > > > > Theres the issue of incresed size, did a quick test and it bzip2's > > down to 342kb, > > Though much of the space is used by `cacert.pem`, without that file its > > 180kb > > > > I did a quick check and seems that file is optional since you can use > > cacerts provided by the system instead (but not totally sure at the > > point). > > > > > > So I'm proposing to include the Python module, > > I'll setup SCons and CMake for Linux and Windows and upload requests > > archive to lib/, but will need someone else to handle OSX or at least > > test it works ok. > > > > > > To be clear, Blender wont execute anything extra by default on > > startup, this just makes a Python module available for scripts to use > > if they need, and increases Blender's download size. > > > > --- > > > > Extra info. > > > > Addon URL if anyones interested: > > https://developer.blender.org/D321 > > > > Requests website: > > http://requests.readthedocs.org > > -- > > - Campbell > > _______________________________________________ > > Bf-committers mailing list > > [email protected] > > http://lists.blender.org/mailman/listinfo/bf-committers > > > _______________________________________________ > Bf-committers mailing list > [email protected] > http://lists.blender.org/mailman/listinfo/bf-committers > -- With best regards, Sergey Sharybin _______________________________________________ Bf-committers mailing list [email protected] http://lists.blender.org/mailman/listinfo/bf-committers
