https://bugzilla.redhat.com/show_bug.cgi?id=1232433 Jonathan Underwood <jonathan.underwood@xxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |stefw@xxxxxxxxxx --- Comment #1 from Jonathan Underwood <jonathan.underwood@xxxxxxxxx> --- OK, first question. This package ships some CA certs under /usr/lib/python... Fedora has a goal of sharing CAcerts system wide, and an application or library bundling its own cacerts is potentially a security problem. Unfortunately there aren't any packaging guidelines about this as far as I can see. Here are some useful links: https://fedoraproject.org/wiki/Features/SharedSystemCertificates https://lists.fedoraproject.org/pipermail/devel/2014-January/193617.html So, my questions are: 1) Why isn't this package using the system wide cacert bundle? 2) If there's a good answer to (1), why aren't the certs stored under /etc/pki/python-certifi or somesuch application directory? I'm cc'ing Stef on this bug in the hope he might offer some guidance here (Kai's email address no longer seems valid). -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review