search

jeetsukumaran / DendroPy

A Python library for phylogenetic scripting, simulation, data processing and manipulation.
https://pypi.org/project/DendroPy/.
BSD 3-Clause "New" or "Revised" License
207 stars 63 forks source link

Re-enable secure SSL in setup.py #133

Closed kislyuk closed 4 months ago

kislyuk commented 3 years ago

Hi, I noticed that DendroPy disables SSL certificate verification globally in setup.py:

import ssl
if hasattr(ssl, '_create_unverified_context'):
    ssl._create_default_https_context = ssl._create_unverified_context

It seems this workaround should no longer be necessary. Can it be removed to avoid any doubts about security at install time?

jeetsukumaran commented 3 years ago

No longer necessary universally, or no longer necessary for particular/latest versions of Python, OS, etc.?

kislyuk commented 3 years ago

Disabling SSL security is not necessary in any supported configuration of Python or its host OS that I'm aware of.

mmore500 commented 4 months ago

This ssl code in question been removed from setup.py