Donald Stufft
I think the system trust stores (or not) essentially boils down to whether you want requests to act the same across platforms, or whether you want it to act in...
It depends if your audience are people who are familiar with a particular platform or not. I have no idea how to manage the trust store on Windows but I...
It forces them to learn the differences of every platform they are running on. Sent from my iPhone > On Jan 11, 2016, at 4:59 PM, Glyph [email protected] wrote: >...
In my experience with pip, which attempts to discover the system store and if it can't find it falls back to a bundled copy, I have had to learn how...
Look for files on the system*
FWIW, if I could prevent downstream redistributors from forcing pip to use the system store, I would revert the change to look in system locations immediately and only ever use...
The flip side is that you have trust stores like Debian which trusted CAcert for a long time, and still trusts SPI even though neither of those have gone through...
SPI isn't run by Debian, it's a third party organization similar to that of the Software Freedom Conservancy that Debian happens to be a member of. It'd be more like...
To be fair to Debian, I think the _current_ plan is to stop using SPI certificates for their infrastructure and switch to more generally trusted certificates and then stop including...
Maybe they should stop shipping an OpenSSL that can't correctly validate certificate chains.