[Bug 230414] security/py-certifi: add option to use certificate bundle from ca_root_nss
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Jun 8 10:28:45 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230414
--- Comment #11 from Kubilay Kocak <koobs at FreeBSD.org> ---
(In reply to Michael Osipov from comment #9)
You're welcome Michael.
What are your thoughts on a BUNDLED_CERTS or similarly named option, which uses
the bundled certs when enabled (default), and ca_root_nss when disabled?
My thoughts on the considerations/tradeoff space:
1) I'm not particularly a fan of 'reversed' option semantics, which can be a
little confusing for users, but ...
2) The merit of having the default port/package build match upstream behaviour
would seem to be nice, leaving a choice for the user to change it if they would
like to, in place.
3) In this configuration, package users would (only) get the default (bundled)
certs without customisation ability.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the freebsd-python
mailing list