certifi / certifi.io

Public website for the Certifi Project.
http://certifi.io

'Latest' bundle and bundle from atom feed out of date on certifi.io #7

Closed mbeijen closed 9 years ago

mbeijen commented 9 years ago

Hi, both the 'latest' bundle and the bundle linked in the 'atom' feed on the main page on https://certifi.io are out of date - they're somewhere from 2014!

I see that you state in issue #2 that updating these is currently a manual process and I understand, but this really is a nasty issue. If you think you're downloading the latest version but end up with an outdated set, this gives a very false sense of security.

If there is currently no automatic way to update the pem database for whatever reason, it might be best to just remove these options from the web site. The number one use case of certifi would be by downloading it via your programming-language or Linux-distro package manager anyway.
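The risk raised in this report, a bundle that is served as "latest" but was generated years earlier, is something a consumer can check locally before trusting it. The following is an added example, not code from this issue or from the certifi project: it walks the DER of each PEM certificate just far enough to read the Validity dates and flags the bundle as stale when its newest root is older than a threshold (the one-year threshold is an assumption, a heuristic based on Mozilla adding roots a few times a year); `fake_cert_pem` builds constructed, unsigned test input rather than real CA certificates.

```python
import base64, datetime, re

# Minimal DER helpers: enough to build a test certificate and to walk a real one.
def _der_len(n):
    return bytes([n]) if n < 128 else b"\x82" + n.to_bytes(2, "big")

def der(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body

def _read_tlv(buf, pos):
    """Read one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                      # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def _der_time(tag, raw):
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"   # UTCTime / GeneralizedTime
    return datetime.datetime.strptime(raw.decode(), fmt)

def cert_validity(pem_block):
    """Return (notBefore, notAfter) of one PEM certificate without verifying it."""
    b64 = "".join(l for l in pem_block.splitlines() if not l.startswith("-----"))
    _, cert, _ = _read_tlv(base64.b64decode(b64), 0)   # Certificate
    _, tbs, _ = _read_tlv(cert, 0)                     # tbsCertificate
    pos = 0
    if tbs[0] == 0xA0:                                 # optional [0] EXPLICIT version
        _, _, pos = _read_tlv(tbs, pos)
    for _ in range(3):                                 # serialNumber, signature, issuer
        _, _, pos = _read_tlv(tbs, pos)
    _, validity, _ = _read_tlv(tbs, pos)
    t1, nb, pos = _read_tlv(validity, 0)
    t2, na, _ = _read_tlv(validity, pos)
    return _der_time(t1, nb), _der_time(t2, na)

def newest_not_before(bundle_text):
    """Issue date of the most recently issued certificate in the bundle."""
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", bundle_text, re.S)
    return max(cert_validity(b)[0] for b in blocks)

def bundle_is_stale(bundle_text, now, max_age_days=365):
    """Heuristic (threshold is an assumption): a trust store whose newest root is over a year old has likely missed updates."""
    return (now - newest_not_before(bundle_text)).days > max_age_days

def fake_cert_pem(not_before, not_after):
    """Constructed test input: DER with the fields up to Validity only; unsigned and not a real CA."""
    t = lambda d: der(0x17, d.strftime("%y%m%d%H%M%SZ").encode())
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30, b"")
              + der(0x30, b"") + der(0x30, t(not_before) + t(not_after)))
    body = base64.b64encode(der(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
```

Against a downloaded bundle, `bundle_is_stale(open("cacert.pem").read(), datetime.datetime.utcnow())` gives a quick freshness verdict; a bundle whose newest root dates from 2014 would have been caught immediately.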

Lukasa commented 9 years ago

Ah crap, thanks for spotting that. Yeah, we effectively treat that page as a static resource. I'll take a quick look and see if I can fix it.

Lukasa commented 9 years ago

Ok, I've updated all the links I could find to point instead at https://mkcert.org/generate/. That's the latest source for our bundles.

Hopefully that's improved the situation dramatically!

mbeijen commented 9 years ago

Thanks for your very quick response.

I came across your module because of python requests which I like very much.

I noticed the go library is also out of date, I filed issue https://github.com/certifi/gocertifi/issues/6 for that. But then I looked at the ruby and node modules and these also seem to be out of date. That's not so nice...!

Actually I had the idea of creating a certifi / mkcert.org based module for Perl, mostly because perl has Mozilla::CA but this has some issues:

https://github.com/gisle/mozilla-ca/pull/5

I think it might turn out to be very difficult to do something like this and do it properly :-)

Lukasa commented 9 years ago

It is definitely difficult, but the main cost is developer time. I love certifi and I want to spend more time on it, but it requires more investment on my part than I've previously been able to spend. In order to get certifi to work I have to keep mkcert.org up and running, and then poll for new updates to Mozilla's bundles, and then pull the trigger on releasing all the things. For Go and Python that's easy enough, because I know those ecosystems well, but for node and ruby I know them less well and require support from other developers.

I'm hoping to be able to spend more time sorting out the certifi infrastructure, but for now Python's certifi module will always be the one that gets the most love. We're trying though!

(Btw, if you want to do a Perl version we'd love to have it!)