R. David Murray added the comment:
I do not understand why the vendors want to re-introduce a security hole.
I understand that it causes issues using legacy software to communicate with
sites that don't verify, but I think that the correct solution to this is
disabling verification on a per-tr
Nick Coghlan added the comment:
Clarified the issue heading a bit, and cc'ed in the main Debian/Ubuntu folks.
Matthias, Barry - the attached patch here is aimed at making PEP 476 a bit more
distro friendly by moving the "opt out" to a configuration file rather than
requiring monkeypatching in
