Date: Mon, 08 Jun 2020 10:28:45 +0000 From: bugzilla-noreply@freebsd.org To: python@FreeBSD.org Subject: [Bug 230414] security/py-certifi: add option to use certificate bundle from ca_root_nss Message-ID: <bug-230414-21822-JvRLiol0IO@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-230414-21822@https.bugs.freebsd.org/bugzilla/> References: <bug-230414-21822@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D230414 --- Comment #11 from Kubilay Kocak <koobs@FreeBSD.org> --- (In reply to Michael Osipov from comment #9) You're welcome Michael. What are your thoughts on a BUNDLED_CERTS or similarly named option, which = uses the bundled certs when enabled (default), and ca_root_nss when disabled? My thoughts on the considerations/tradeoff space: 1) I'm not particularly a fan of 'reversed' option semantics, which can be a little confusing for users, but ... 2) The merit of having the default port/package build match upstream behavi= our would seem to be nice, leaving a choice for the user to change it if they w= ould like to, in place. 3) In this configuration, package users would (only) get the default (bund= led) certs without customisation ability. --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-230414-21822-JvRLiol0IO>