On 22 January 2014 13:55, Donald Stufft <don...@stufft.io> wrote: > > As an additional side note, anecdotal evidence and what not, but > *every* time I bring this up somewhere I get at least one reply that > looks similar to https://twitter.com/ojiidotch/status/425986619879866368
Surprise that Python doesn't verify certs is one thing. I would also like to live in a world where Python has always verified certs, and all the issues have already been resolved. Imposing breakage on end users because we haven't managed to persuade application developers to do the right thing yet (even though it appears we've made it one-line-of-code easy to do so) is another thing entirely. But the deprecation cycle gives application developers time (and a deadline) so I'm happy with that. Although from MAL's original comment: > Note that several python.org services use CAcerts which would no > longer be accessible per default following such a change. ,The PSF needs to get that sorted before making cert validation the default in Python, IMO. Paul _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
