[Python-Dev] PEP 476: Enabling certificate validation by default!
Paul Moore
p.f.moore at gmail.com
Sat Aug 30 17:36:23 CEST 2014
On 30 August 2014 16:22, Alex Gaynor <alex.gaynor at gmail.com> wrote:
> The Windows certificate store is used by ``load_default_certs`
Cool, in which case this sounds like a good plan. I have no particular
opinion on whether there should be a global Python-level "don't check
certificates" option, but I would suggest that the docs include a
section explaining how a user can implement a
"--no-check-certificates" flag in their program if they want to (with
appropriate warnings as to the risks, of course!). Better to explain
how to do it properly than to say "you shouldn't do that" and have
developers implement awkward or incorrect hacks in spite of the
advice.
Paul
More information about the Python-Dev
mailing list