Closed macserv closed 8 months ago
Thanks for the kind words! The Sovereign Tech Fund has an active engagement with Trail of Bits and PyPI/Python that includes work that fits the description of what you're looking for. Quoting the linked page:
The Python programming language includes the ssl module, which exposes an SSL/TLS API. This API is widely adopted in the Python ecosystem due to its default availability, but also presents significant usability, security, and maintainability risks. This effort will help revive the Unified TLS standardization effort, include much needed updates to the API from the last 6 years, and deprecate APIs that have replacements. This would have a substantial impact on the overall health, usability, and maintainability of the Python standard library.
The Unified TLS standardization effort (ie PEP 543) is what Truststore is based on originally and having spoken to @woodruffw I believe that it would be included in this project. Since this work is already funded through Trail of Bits it's unlikely that I'll personally be leading it, although I will be helping any way I can!
Hope that answers your question :)
Thanks for the ping @sethmlarson!
To confirm on my end: my team will be working on a successor PEP for the ssl
module, which will include truststore
in its scope. My hope is to have more public information on that in the next month or so.
Going to close this issue as complete, thanks for raising! :rocket:
For anyone looking for an update on @woodruffw's progress regarding the ssl
successor PEP, strap in...
https://discuss.python.org/t/pre-pep-discussion-revival-of-pep-543/51263
@sethmlarson: In the project ReadMe, you state the following:
Since you're actively working within the PSF on projects including
urllib3
andrequests
, you do seem to be in a good place to drive this kind of change. Do you have a high-level roadmap toward makingtruststore
inclusion a reality? What can the community do to help?Many thanks to you and your contributors for all your hard work!