https://bugzilla.novell.com/show_bug.cgi?id=761501
https://bugzilla.novell.com/show_bug.cgi?id=761501#c24
--- Comment #24 from Jan Matejek
IOW, literally no packages are affected in any way by whether we load the default cert store. Either they are insecure, and will continue to be insecure, or they are already supplying their own cert bundles.
Correct. We're trying to address the latter for a start.
Right, but we can't really do that in a way that helps upstreams too much. They can't even do "try (suse_approach) except (other_approach)" because the wrap_socket call doesn't fail, it only fails at connect.

What we could do is implement our own ssl.load_default_bundles, and then upstreams could do

    try:
        ssl.load_default_bundles()
    except AttributeError:
        (do whatever you need to do outside SUSE)

This is still special-casing, but it is at least cleaner and other distributions are more likely to pick our patch.
Yes we are. It's free software after all.
yeeaaah, and i'm sure all the developers in the world would love us just that much more if we did change it :P
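Added example, not part of the comment above or of any SUSE patch: it shows on stock CPython that wrapping a socket with an empty trust store raises nothing before connect, and how the attribute probe from the comment selects a code path. `ssl.load_default_bundles` is the hypothetical name proposed in the comment; falling back to `SSLContext.load_default_certs()` and the host name `host.example` are assumptions of this example.

```python
import socket
import ssl


def wrap_without_trust_anchors():
    """Wrap an unconnected socket using a verifying context with no CAs loaded.

    Returns (wrapped_ok, ca_count). Nothing fails here: the empty trust store
    would only show up as a handshake error once connect() is called.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED, hostname check on
    ca_count = ctx.cert_store_stats()["x509_ca"]   # 0: no defaults are loaded
    raw = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # "host.example" is a constructed name; no connection is attempted.
        tls = ctx.wrap_socket(raw, server_hostname="host.example")
    except ssl.SSLError:
        raw.close()
        return False, ca_count
    tls.close()
    return True, ca_count


def load_trust(ctx, ssl_mod=ssl):
    """Probe for the distribution hook, then fall back; returns the path taken."""
    try:
        loader = ssl_mod.load_default_bundles  # hypothetical name from the comment
    except AttributeError:
        # Fallback chosen for this example: stock CPython's own default loader.
        ctx.load_default_certs()
        return "stdlib-default"
    loader()  # called with no arguments, as written in the comment
    return "distro-default"


if __name__ == "__main__":
    print(wrap_without_trust_anchors())
    print(load_trust(ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)))
```

The probe can only tell whether the hook exists; whether the loaded store actually validates a given peer is still decided at handshake time.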