R. David Murray added the comment:

I do not understand why the vendors want to re-introduce a security hole.

I understand that it causes issues using legacy software to communicate with 
sites that don't verify, but I think that the correct solution to this is 
disabling verification on a per-transaction basis, similar to how wget and curl 
have command line options for.   For Python I think this would mean an 
environment variable.  I believe I suggested or supported this before and it 
was rejected (I don't particularly remember why).

If you want to make it config file driven it ought to be keyed by site, not by 
protocol, IMO, and that seems like a suspect thing to put in a global 
configuration file.

Introducing a global config file for Python is a significant architectural 
change, and merits a careful discussion (and probably a PEP).

I don't think it is particularly useful to have this as a tracker issue at this 
stage.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue23857>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to