FWIW: I just ran into a situation where the new approach resulted in pip, setuptools and zc.buildout not working anymore.
This was on an AIX system which did come with CA root certificates at all. Now, I knew how to fix this, but the solution was not an obvious one. I had to use truss to figure out where OpenSSL was looking for certificates and the added the Mozilla cert bundle from our egenix-pyopenssl package to make things work again. This was on a system where Python 2.7.3 had been installed previously. After the upgrade to Python 2.7.9 nothing worked anymore. Again: Please let the users decide what level of security they want to apply. We can point users to solutions, but in the end have to respect their own decisions. Note that staying with Python 2.7.8 is a much worse approach than disabling the checks. -- Marc-Andre Lemburg eGenix.com _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com