zodalahtathi added the comment: I agree that changing a default to something less secure is not something to do lightly, however I think forcing a check that is explicitly disabled is a bug and can be counter productive security wise.
People who don't have time to look at the stdlib code, and file bug like this are likely to react with "fuck it, I'll use plain HTTP". By the way, my use case is precisely xmlrpc. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue22959> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com