On 22.01.2014 15:12, Jesse Noller wrote: > And no one reads it. I can't count the number of times I've gotten called > into a managers office when they find out python doesn't do cert validation > by default (and in 2, it's not been trivial) and gotten told to fix it, or we > move off of python. > > Donald is perfectly right: every time you point out to users that this is the > default behavior the response is almost universally "you can't be serious, is > this a joke?"
Yes, you are right. :( About two months ago (maybe three) I proposed to deprecated implicit SSL context, unverified certs and unverified hostnames all together. But I was voted down. Donald made a similar attempt half an year ago, too. Can't we just mark these things as pending deprecated in Python 3.4 so people start fixing their code *now*? Christian _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com