> Which makes me wonder, why is it that PyPI doesn't use a universally > accepted SSL cert instead of the CAcert one? Note: I'm a CAcert assurer > myself but would prefer using a cert by one of the commercial CAs for > the sake of the users. > > Any opinions?
Primarily because of lack of volunteer time. Buying a certificate is a big effort, issuing a cacert one is simple. And before anybody says "no, it's not difficult", or "no, it shouldn't be difficult", please consider volunteering for the next ten years to manage the PSF server certificates (as one of the key problems that makes it difficult is that responsibilities change so often with volunteers). Regards, Martin _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
