On 2 March 2017 at 02:44, David Cournapeau <dav...@enthought.com> wrote:

> Just to clarify: I am aware that for code we write/distribute, there are
> better ways (we tend to always use requests for http(s) handling).
>

Christian may have missed the domain on your email address, so calling out
the redistribution context explicitly:
https://www.enthought.com/products/epd/

And yes, since the Linux distros can't agree on a reliable way for third
party applications to find the system certificate store without
distro-specific patches, I'd agree that bundling certifi and patching your
Python builds is your best currently available option for getting good "out
of the box" behaviour. Donald tried to make location autodetection work for
pip, but the distros unfortunately not only can't agree on how the default
certs should be located, they also don't make sure the other potential
locations reliably give a detectable error :(

Given your context of use though, the one potential incompatibility you're
going to have to watch out for is losing access to any custom CA
certificates that are installed into the system trust stores (since certifi
won't have any knowledge of those).

Cheers,
Nick.

-- 
Nick Coghlan   |   ncogh...@gmail.com   |   Brisbane, Australia
_______________________________________________
Security-SIG mailing list
Security-SIG@python.org
https://mail.python.org/mailman/listinfo/security-sig
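
An added example, not part of the original message or of pip or certifi: one way to keep custom system CAs when shipping a bundled store is to load the bundle and any usable system bundle into the same context, counting what OpenSSL actually loaded so a missing or empty location is detected instead of silently ignored. The candidate paths, the function names and the use of `certifi.where()` as the bundled store are assumptions.

```python
import ssl

# Assumed candidate bundle paths (common distro defaults, not taken from the message).
SYSTEM_CA_CANDIDATES = [
    "/etc/ssl/certs/ca-certificates.crt",  # Debian, Ubuntu
    "/etc/pki/tls/certs/ca-bundle.crt",    # Fedora, RHEL
    "/etc/ssl/ca-bundle.pem",              # openSUSE
    "/etc/ssl/cert.pem",                   # Alpine
]


def usable_ca_count(cafile):
    """Number of certificates OpenSSL really loads from cafile (0 if unusable)."""
    probe = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        probe.load_verify_locations(cafile=cafile)
    except OSError:
        # FileNotFoundError (missing) and ssl.SSLError (empty or unparseable)
        # are both OSError subclasses.
        return 0
    return probe.cert_store_stats()["x509"]


def build_context(cafiles):
    """Verifying client context that trusts every usable file in cafiles.

    Returns (context, files_used). Raises RuntimeError when nothing loaded,
    so an empty trust store is a visible error, not a later handshake failure.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    used = []
    for path in cafiles:
        if usable_ca_count(path) > 0:
            ctx.load_verify_locations(cafile=path)
            used.append(path)
    if not used:
        raise RuntimeError("no usable CA bundle among: %r" % (list(cafiles),))
    return ctx, used


if __name__ == "__main__":
    try:
        import certifi  # third-party; assumed here to be the bundled store
        bundled = [certifi.where()]
    except ImportError:
        bundled = []
    ctx, used = build_context(bundled + SYSTEM_CA_CANDIDATES)
    print("trusting:", used, ctx.cert_store_stats())
```

Custom CAs installed only in a hashed certificate directory (`capath`) are not covered by this file-based probe.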
