On 24 December 2016 at 02:38, John Dulaney jdulaney@fedoraproject.org wrote:
On Fri, Dec 23, 2016 at 05:37:51PM +1000, Nick Coghlan wrote:
I filed that idea on the pip issue tracker at https://github.com/pypa/pip/issues/4197 but figured I should raise it
here
as well, as if something like this was added, then Fedora could be
updated
to use a standard symlink map when building RPMs, and the developer
portal
could be updated with suggest `pip.conf` settings to use the system cert bundle by default. Nick.
Seems like a good idea.
Can't we just ship a pip.conf that defaults to using the system cert bundle, rather than merely suggest it?
I'm not sure that makes sense as a general default, as it's relatively rare for a developer's laptop to 100% match the production deployment environment, which means not using the system cert store really is a better default for virtual environments in Fedora Workstation.
The case for using the system certs by default would be stronger for Fedora Server, Atomic, and the base cloud images, though (as those generally *are* deployment environments).
Cheers, Nick.