[Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance) (original) (raw)
Nick Coghlan ncoghlan at gmail.com
Mon Nov 23 18:56:16 EST 2015
- Previous message (by thread): [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)
- Next message (by thread): [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 24 November 2015 at 06:47, Wes Turner <wes.turner at gmail.com> wrote:
1. Does this affect easyinstall?
easy_install has validated certificates since distribute was merged back into the project as part of setuptools 0.7 [1], and aside from one issue with HTTPS tunnelling [2], the certificate verification code has been stable since setuptools 1.3 [3].
2. If/because this affects easyinstall, should the guidance / suggested package installation tool be [pip]; because pip installrequires backports.sslmatchhostname
setuptools/easy_install uses backports.ssl_match_hostname if it's available, and otherwise has its own implementation.
Cheers, Nick.
[1] https://pythonhosted.org/setuptools/history.html#id159 [2] https://pythonhosted.org/setuptools/history.html#id80 [3] https://pythonhosted.org/setuptools/history.html#id123
-- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
- Previous message (by thread): [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)
- Next message (by thread): [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]