STINNER Victor <vstin...@redhat.com> added the comment:
> Will this break something in the world other than our own test_xmlrpc test? > Probably. Do they have a right to complain about it? Not one we need listen > to. I understand. But. Can we consider that for old Python versions like Python 2.7 and 3.5? This change will be applied to all supported Python versions. I recall that when Python 2.7 started to validate TLS certificate, the change broke some applications. Are these applications badly written? Yes! But well, "it worked well before". Sometimes, when you work in a private network, the security matters less, whereas it might be very expensive to fix a legacy application. At Red Hat, we developed a solution to let customers to opt-out from this fix (to no validate TLS certificates), because it is just too expensive for customers to fix their legacy code but they would like to be able to upgrade RHEL. One option to not validate URLs is to downgrade Python, but I'm not sure that it's the best compromise :-/ ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue30458> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
