On Thu, Jun 1, 2017 at 8:01 PM, Antoine Pitrou <solip...@pitrou.net> wrote: > On Thu, 1 Jun 2017 19:50:22 +1000 > Chris Angelico <ros...@gmail.com> wrote: >> On Thu, Jun 1, 2017 at 7:23 PM, Antoine Pitrou <anto...@python.org> wrote: >> >> Do you also disagree on the need of the need of the PEP 546 >> >> (backport) to make the PEP 543 (new TLS API) feasible in practice? >> > >> > Yes, I disagree. We needn't backport that new API to Python 2.7. >> > Perhaps it's time to be reasonable: Python 2.7 has been in bugfix-only >> > mode for a very long time. Python 3.6 is out. We should move on. >> >> But it is in *security fix* mode for at least another three years >> (ish). Proper use of TLS certificates is a security question. > > Why are you bringing "proper use of TLS certificates"? Python 2.7 > doesn't need another backport for that. The certifi package is > available for Python 2.7 and can be integrated simply with the existing > ssl module.
As stated in this thread, OS-provided certificates are not handled by that. For instance, if a local administrator distributes a self-signed cert for the intranet server, web browsers will use it, but pip will not. ChrisA _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
