[Distutils] HTTPS and certificate check update for distribute ?
Donald Stufft
donald at stufft.io
Sun May 5 20:55:17 CEST 2013
On May 5, 2013, at 2:48 PM, PJ Eby <pje at telecommunity.com> wrote:
> On Sat, May 4, 2013 at 8:01 PM, Donald Stufft <donald at stufft.io> wrote:
>> The easiest way is to just bundle the mozilla certs. They do all the work of keeping it up to date and validating them.
>
> Actually, it turns out that there's already a separately-distributed,
> separately licensed PyPI package for this:
> https://pypi.python.org/pypi/certifi
I'm not sure if Kenneth is keeping certifi up to date anymore because he made certifi for bundling the mozilla certs with requests and has since started to bundle them directly. If he's not we might want to find someone to take it over if he'll give it up if setuptools is going to use it. License shouldn't be an issue though because the MPL is a per file not per project license FWIW.
I've included Kenneth to see if he is or has any plans to keep certifi up to date.
>
> So I've just added support for it to my implementation, so that if the
> Windows registry or well-known systemwide locations aren't available,
> it'll fall back automatically. So at this point about all that's left
> is docs and command-line options.
>
> I was previously intending to make this stuff part of an 0.6c12
> release, but at this point Jason seems to be finishing up most of the
> merge work, and this new stuff might need some beta testing anyway, so
> probably it'll actually land in post-merge 0.7b stuff.
>
>
>> If you're only supporting PYthon 2.6+
>
> If that were the case, I'd have been done a *long* time ago. ;-)
> (Setuptools still supports Python 2.3.)
-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130505/2b36da38/attachment.pgp>
More information about the Distutils-SIG
mailing list