[Bug 230414] security/py-certifi: add option to use certificate bundle from ca_root_nss
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Aug 6 22:53:55 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230414
Kubilay Kocak <koobs at FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |koobs at FreeBSD.org,
| |python at FreeBSD.org,
| |sergey at akhmatov.ru
See Also| |https://bugs.freebsd.org/bu
| |gzilla/show_bug.cgi?id=1603
| |87
Status|New |Open
Keywords|patch |feature, needs-qa
Flags|maintainer-feedback?(python |maintainer-feedback?(sergey
|@FreeBSD.org) |@akhmatov.ru)
--- Comment #1 from Kubilay Kocak <koobs at FreeBSD.org> ---
While the functional changes itself appear OK (except for hardcoding
/usr/local), given the certifi project describes itself "Certifi is a carefully
curated collection of Root Certificates", and further appears to lean against
the addition of addition certs [1], I'm hesitant to modify the default provided
certificate bundle, for POLA and matching documentation reasons, both related
to user experience.
Yes, in this case the patch includes it only as an OPTION, but I think this
feature may ultimately be better served as an upstream issue/pull request,
similar to this request for extracting OSX trust roots [2]. There is an
additional benefit here of having FreeBSD support added to an upstream project,
presumably also in the documentation as such.
[1] https://github.com/certifi/python-certifi/issues/72
[2] https://github.com/certifi/python-certifi/issues/25
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
More information about the freebsd-python
mailing list