On Jan 22, 2014, at 9:19 AM, Paul Moore <p.f.mo...@gmail.com> wrote:
> On 22 January 2014 13:55, Donald Stufft <don...@stufft.io> wrote: >> >> As an additional side note, anecdotal evidence and what not, but >> *every* time I bring this up somewhere I get at least one reply that >> looks similar to https://twitter.com/ojiidotch/status/425986619879866368 > > Surprise that Python doesn't verify certs is one thing. I would also > like to live in a world where Python has always verified certs, and > all the issues have already been resolved. Imposing breakage on end > users because we haven't managed to persuade application developers to > do the right thing yet (even though it appears we've made it > one-line-of-code easy to do so) is another thing entirely. Note: That it requires users to even be aware they *need* to do that one line of code, which many are not. > > But the deprecation cycle gives application developers time (and a > deadline) so I'm happy with that. Awesome, It looks like I’ll be writing a PEP to handle this, I wasn’t sure if it needed one or not. > > Although from MAL's original comment: >> Note that several python.org services use CAcerts which would no >> longer be accessible per default following such a change. > > ,The PSF needs to get that sorted before making cert validation the > default in Python, IMO. I’m not aware of which services those are, if MAL (or anyone else) can point them out I’ll see what I can do to make that happen. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com