Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 06 Aug 2018 22:53:52 +0000
From:      bugzilla-noreply@freebsd.org
To:        python@FreeBSD.org
Subject:   [Bug 230414] security/py-certifi: add option to use certificate bundle from ca_root_nss
Message-ID:  <bug-230414-21822-Eu1IjTy1FY@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-230414-21822@https.bugs.freebsd.org/bugzilla/>
References:  <bug-230414-21822@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230414

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |koobs@FreeBSD.org,
                   |                            |python@FreeBSD.org,
                   |                            |sergey@akhmatov.ru
           See Also|                            |https://bugs.freebsd.org/bu
                   |                            |gzilla/show_bug.cgi?id=1603
                   |                            |87
             Status|New                         |Open
           Keywords|patch                       |feature, needs-qa
              Flags|maintainer-feedback?(python |maintainer-feedback?(sergey
                   |@FreeBSD.org)               |@akhmatov.ru)

--- Comment #1 from Kubilay Kocak <koobs@FreeBSD.org> ---
While the functional changes itself appear OK (except for hardcoding
/usr/local), given the certifi project describes itself "Certifi is a carefully
curated collection of Root Certificates", and further appears to lean against
the addition of addition certs [1], I'm hesitant to modify the default provided
certificate bundle, for POLA and matching documentation reasons, both related
to user experience.

Yes, in this case the patch includes it only as an OPTION, but I think this
feature may ultimately be better served as an upstream issue/pull request,
similar to this request for extracting OSX trust roots [2]. There is an
additional benefit here of having FreeBSD support added to an upstream project,
presumably also in the documentation as such.

[1] https://github.com/certifi/python-certifi/issues/72
[2] https://github.com/certifi/python-certifi/issues/25

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-230414-21822-Eu1IjTy1FY>