> On Jan 22, 2014, at 8:03 AM, Christian Heimes <christ...@python.org> wrote: > >> On 22.01.2014 14:55, Donald Stufft wrote: >> As an additional side note, anecdotal evidence and what not, but >> *every* time I bring this up somewhere I get at least one reply >> that looks similar to >> https://twitter.com/ojiidotch/status/425986619879866368 > > > Yeah :( > > The ssl module documentation http://docs.python.org/3/library/ssl.html > features a big red warning box for a good reason.
And no one reads it. I can't count the number of times I've gotten called into a managers office when they find out python doesn't do cert validation by default (and in 2, it's not been trivial) and gotten told to fix it, or we move off of python. Donald is perfectly right: every time you point out to users that this is the default behavior the response is almost universally "you can't be serious, is this a joke?" > _______________________________________________ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/jnoller%40gmail.com _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com