On 24 November 2015 at 06:47, Wes Turner <wes.tur...@gmail.com> wrote: > 1. Does this affect easy_install?
easy_install has validated certificates since distribute was merged back into the project as part of setuptools 0.7 [1], and aside from one issue with HTTPS tunnelling [2], the certificate verification code has been stable since setuptools 1.3 [3]. > 2. If/because this affects easy_install, > should the guidance / suggested package installation tool be [pip]; > because pip install_requires backports.ssl_match_hostname setuptools/easy_install uses backports.ssl_match_hostname if it's available, and otherwise has its own implementation. Cheers, Nick. [1] https://pythonhosted.org/setuptools/history.html#id159 [2] https://pythonhosted.org/setuptools/history.html#id80 [3] https://pythonhosted.org/setuptools/history.html#id123 -- Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com