On 31 January 2017 at 09:19, Cory Benfield <[email protected]> wrote:
>
> In general, it is unwise to mix trust stores. If you want to use your OS’s
> trust store, the best approach is to use the OS’s TLS stack as well. At
> least that way when a user says “It works in my browser”, you know it should
> work for you too.
As a bystander (and an "end user" of this stuff) the message I'm
getting here is a bit worrying. To take a step back from the sysadmin
issues here, is the statement
It's safe to use Python (either via the stdlib, or various 3rd
party libraries like requests) to access https URLs
correct? I understand that "safe" is a complex concept here, but in
terms of promoting Python, I'd be using the term in the sense of "at
least as acceptable as using something like C# or Java" - in other
words I'm not introducing any new vulnerabilities if I argue for
Python over one of those languages?
Paul
_______________________________________________
Python-Dev mailing list
[email protected]
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
