This pull request should solve this https://github.com/pypa/pip/pull/1256
On Oct 20, 2013, at 12:32 AM, Nick Coghlan <ncogh...@gmail.com> wrote: > On 20 October 2013 05:46, Ian Cordasco <graffatcolmin...@gmail.com> wrote: >> Also the three of us maintaining requests and the author of urllib3 >> are all very conscious that the packaged pem file is outdated. We have >> an open issue about how to rebuild it accurately while taking into >> consideration (and not including) the ones that have been revoked. Any >> suggestions you have can be sent to me off list or reported on the >> issue tracker. > > The requests issue Ian is referring to: > https://github.com/kennethreitz/requests/issues/1659 > > The next version of PEP 453 will include getting this resolved as part > of the integration timeline: > > ======================== > * by December 29th (1 week prior to the scheduled date of 3.4.0 beta 2) > > ``requests`` certificate management issue resolved > ``ensurepip`` updated to the final release of pip 1.5, or a subsequent > maintenance release (including a suitably updated vendored copy of > ``requests``) > ======================== > > And also mentions it under the "security considerations" section for > the bootstrapping mechanism: > > ======================== > Only users that choose to use ``pip`` to communicate with PyPI will > need to pay attention to the additional security considerations that come > with doing so. > > However, the core CPython team will also assist with reviewing and > resolving the `certificate update management issue > <https://github.com/kennethreitz/requests/issues/1659>`__ currently > affecting the ``requests`` project (and hence ``pip``). > ======================== > > Regards, > Nick. > > -- > Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
