Message192639
| Author |
pitrou |
| Recipients |
Arfrever, barry, benjamin.peterson, christian.heimes, eric.araujo, fweimer, icordasc, jcea, loewis, naif, pitrou |
| Date |
2013年07月08日.11:56:41 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<187543472.150551967.1373284595430.JavaMail.root@zimbra10-e2.priv.proxad.net> |
| In-reply-to |
<1373240155.89.0.67198978521.issue13655@psf.upfronthosting.co.za> |
| Content |
> I think we can improve the situation with shipping our own CA certs.
> Almost every operating system or distribution comes with a set of CA
> certs.
Why would we ship our own CA certs if every OS comes with CA certs?
> I lots of Linux distributions and most BSD systems. All except
> FreeBSD install CA certs by default. A fresh FreeBSD systems doesn't
> have certs but ``pkg_add -r ca-root-nss`` fixes that.
Kudos to FreeBSD.
Anyway, isn't SSLContext.set_default_verify_paths() enough already?
> Here is a full list: [snip full list]
I don't think it's a good idea to maintain a list of hard-coded
paths in Python: it's not manageable, and it will always become
outdated. If there was a widely-respected standard (e.g. in FHS or
LSB), things would be a lot better. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2013年07月08日 11:56:42 | pitrou | set | recipients:
+ pitrou, loewis, barry, jcea, christian.heimes, benjamin.peterson, eric.araujo, Arfrever, naif, icordasc, fweimer |
| 2013年07月08日 11:56:42 | pitrou | link | issue13655 messages |
| 2013年07月08日 11:56:41 | pitrou | create |
|