You could use backports: https://help.ubuntu.com/community/UbuntuBackports but I'm not sure that will reach the widest possible audience. It may be worth doing in addition to security-only fixes, but it's a lot of effort to ensure that the package will build, install, and work on older releases. It may be easy or hard depending on pip's dependency stack.
Ideally, a security-only patch would be provided for the security pockets of these releases: https://wiki.ubuntu.com/SecurityTeam/FAQ I don't have the cycles to create the patches, but I could review and test them. ** Also affects: python-pip (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: python-pip (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: python-pip (Ubuntu Quantal) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1015477 Title: pip does not verify SSL certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-pip/+bug/1015477/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
