Kenneth Reitz
Kenneth Reitz
Why not `~/.js/asssets` or `~/.js/static`?
I think our current approach is the correct one, considering who Requests was built for. That being said, it wouldn't hurt to add more documentation/functionality around using system certs for...
My main concern with this discussion is the potential impacts proposed solutions could have on the user experience. So, to be clear, here are some guidelines: --- ## Guidelines -...
@mwcampbell because that is a requirement of this library. C compilation is rarely a seamless experience and is the #1 source of end-user confusion/frustration when it comes to package installation....
@glyph an excellent decision :) (although, an unfortunate one)
**Current Thoughts** I still think this should be disastrous, and everything in me says no. But I'm confident that if this _does_ happen, it will be because it is implemented...
@glyph > This issue has been really illuminating for me. But what do you mean by "disastrous"? It sounds like you think the implementation will just fail to work somehow?...
@dstufft if that's true, perhaps we can rig it up similar to the current auto-use of PyOpenSSL, if available. Taken further, could be a package like `requests-systemcerts`, included in `requests[security]`.
We could consider making a default in 3.0, but I don't know what it would be... 120s? Idk, I like our current design. You really shouldn't be hitting the internet...
Those seem reasonable to me. I just just think this should be a connect-only timeout, not a download timeout.