Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 06 Aug 2018 22:53:52 +0000
From:      bugzilla-noreply@freebsd.org
To:        python@FreeBSD.org
Subject:   [Bug 230414] security/py-certifi: add option to use certificate bundle from ca_root_nss
Message-ID:  <bug-230414-21822-Eu1IjTy1FY@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-230414-21822@https.bugs.freebsd.org/bugzilla/>
References:  <bug-230414-21822@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D230414

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |koobs@FreeBSD.org,
                   |                            |python@FreeBSD.org,
                   |                            |sergey@akhmatov.ru
           See Also|                            |https://bugs.freebsd.org/bu
                   |                            |gzilla/show_bug.cgi?id=3D1=
603
                   |                            |87
             Status|New                         |Open
           Keywords|patch                       |feature, needs-qa
              Flags|maintainer-feedback?(python |maintainer-feedback?(sergey
                   |@FreeBSD.org)               |@akhmatov.ru)

--- Comment #1 from Kubilay Kocak <koobs@FreeBSD.org> ---
While the functional changes itself appear OK (except for hardcoding
/usr/local), given the certifi project describes itself "Certifi is a caref=
ully
curated collection of Root Certificates", and further appears to lean again=
st
the addition of addition certs [1], I'm hesitant to modify the default prov=
ided
certificate bundle, for POLA and matching documentation reasons, both relat=
ed
to user experience.

Yes, in this case the patch includes it only as an OPTION, but I think this
feature may ultimately be better served as an upstream issue/pull request,
similar to this request for extracting OSX trust roots [2]. There is an
additional benefit here of having FreeBSD support added to an upstream proj=
ect,
presumably also in the documentation as such.

[1] https://github.com/certifi/python-certifi/issues/72
[2] https://github.com/certifi/python-certifi/issues/25

--=20
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-230414-21822-Eu1IjTy1FY>