Donald Stufft

Results 289 comments of Donald Stufft

> SPI was originally created to allow the Debian Project to accept donations. It now acts as a fiscal sponsor to many free and open source projects.

_originally_ is an...

The other side of that is, if the people who _should_ do the job did it and we were happy with that, we'd just let OpenSSL pick our default cipher...

According to https://www.chromium.org/Home/chromium-security/root-ca-policy Chrome only uses the platform trust store on Windows and OSX.

Because an issue in pip made me think about this again!

> On *nix, this should be in one of a few well-known locations, and certitude could simply proxy to...

@glyph well, except AFAIK Windows doesn't provide a way to either enumerate the SSL Certificates in a way that you actually get them all, not just the ones you've seen....

Honestly, the single greatest thing that could probably be done to increase security is for cryptography to start shipping statically compiled wheels on Linux too so you can get a...

Just to further hammer home my point:

- Homebrew on OSX ships with a broken CAPath because it's empty but the directory exists.
- Debian ships with a broken CAFile...

An API exists, and on those platforms it returns a wrong or invalid value, that's pretty solidly broken in my book. In Python, if `sys.stdout.write()` on these platforms didn't actually...

For the record, no compilation _does_ mean no C code if requests is going to continue to be used by pip. We cannot have any mandatory code that is not...