On Aug 13, 2016, at 04:14 PM, Benjamin Peterson wrote:

>Correctness of TLS certificate verification is known to depend deeply on
>distribution. Python began to verify certificates by default only in
>version 2.7.9. Many OS distributions (in particular, Ubuntu) did not
>enable verification for their stable distributions for backwards
>compatibility reasons. You might find looking at distro bugs for
>CVE-2014-9365 edifying.

In particular, we discussed this issue with the Ubuntu security team and
decided that the backward compatibility issues required not enabling this by
default for older versions.  We did however include the mechanisms from PEP 493
so that end-users and system administrators could make different choices based
on their own assessments and needs.

Cheers,
-Barry
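
An added example, not part of the original message or of any distribution's code: a check an administrator could run to see whether a given interpreter verifies HTTPS certificates when no context is passed. It assumes Python 2.7.9+ or 3.4.3+, where the private `ssl._create_default_https_context` hook exists; `PYTHONHTTPSVERIFY` is the environment switch defined in PEP 493, and the function names are illustrative.

```python
import os
import ssl


def context_verifies(ctx):
    """True only if ctx checks both the certificate chain and the hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def https_default_status(environ=None):
    """Report what the stdlib HTTPS clients do when the caller passes no context."""
    environ = os.environ if environ is None else environ
    # Private hook the stdlib HTTPS clients call to build their default context.
    # A distribution that keeps verification off points it at an unverified one.
    ctx = ssl._create_default_https_context()
    return {
        "verifies_by_default": context_verifies(ctx),
        "verify_mode": ctx.verify_mode,
        "check_hostname": ctx.check_hostname,
        # Reported only: the PEP 493 switch is honoured by 2.7.12+ and by
        # backports, and has no effect on upstream Python 3.
        "PYTHONHTTPSVERIFY": environ.get("PYTHONHTTPSVERIFY"),
    }


if __name__ == "__main__":
    status = https_default_status()
    for key in sorted(status):
        print("%s: %s" % (key, status[key]))
    # Non-zero exit lets a fleet audit flag hosts that skip verification.
    raise SystemExit(0 if status["verifies_by_default"] else 1)
```
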