[Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython) (original) (raw)
Antoine Pitrou solipsis at pitrou.net
Mon Jun 3 18:56:08 CEST 2013
- Previous message: [Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
- Next message: [Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, 3 Jun 2013 12:43:32 -0400 Donald Stufft <donald at stufft.io> wrote:
On Jun 3, 2013, at 5:51 AM, Antoine Pitrou <solipsis at pitrou.net> wrote: > On Mon, 3 Jun 2013 21:37:10 +1200 > Ben Hoyt <benhoyt at gmail.com> wrote: >> >> I'm not familiar with Unix/Linux, but on Windows, if it's anything >> like mimetypes it'll be really hard to get consistent behaviour across >> different boxes/versions from the registry, or wherever certs might be >> stored on Windows. I'd much rather have a slightly outdated but >> consistent experience by default. > > The problem with a "slightly outdated" CA store is that it can be a > security risk. > > Regards > > Antoine. > > _> ________________________ > Python-Dev mailing list > Python-Dev at python.org > http://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: http://mail.python.org/mailman/options/python-dev/donald%40stufft.io Tracking the Mozilla store isn't difficult. New additions can be ignored for currently released Pythons so we'd just need to watch them for blacklisting certs and roll that into a security update.
Let's see if our security release managers want to do that job.
Regards
Antoine.
- Previous message: [Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
- Next message: [Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]