[issue13655] Python SSL stack doesn't have a default CA Store
Barry A. Warsaw
report at bugs.python.org
Mon Jul 8 15:50:57 CEST 2013
Barry A. Warsaw added the comment:
On Jul 08, 2013, at 11:56 AM, Antoine Pitrou wrote:
>I don't think it's a good idea to maintain a list of hard-coded
>paths in Python: it's not manageable, and it will always become
>outdated. If there was a widely-respected standard (e.g. in FHS or
>LSB), things would be a lot better.
I agree. I don't think we should be shipping certs, but if we do, then it
must be possible and easy for e.g. Linux distros to override. Linux distros
are already managing certs through their normal and security updates, so it's
a burden to also have to do so for Python. I think this analogous to shipping
other types of external databases, e.g. timezones, etc.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13655>
_______________________________________
More information about the Python-bugs-list
mailing list