sethmlarson / truststore

Verify certificates using OS trust stores
https://truststore.readthedocs.io
MIT License

Roadmap to Inclusion with Python? #126

Closed macserv closed 8 months ago

macserv commented 8 months ago

@sethmlarson: In the project ReadMe, you state the following:

Long-term the hope is to make truststore the default way to verify HTTPS certificates in pip and to add this functionality into Python itself.

Since you're actively working within the PSF on projects including urllib3 and requests, you do seem to be in a good place to drive this kind of change. Do you have a high-level roadmap toward making truststore inclusion a reality? What can the community do to help?

Many thanks to you and your contributors for all your hard work!

sethmlarson commented 8 months ago

Thanks for the kind words! The Sovereign Tech Fund has an active engagement with Trail of Bits and PyPI/Python that includes work that fits the description of what you're looking for. Quoting the linked page:

The Python programming language includes the ssl module, which exposes an SSL/TLS API. This API is widely adopted in the Python ecosystem due to its default availability, but also presents significant usability, security, and maintainability risks. This effort will help revive the Unified TLS standardization effort, include much needed updates to the API from the last 6 years, and deprecate APIs that have replacements. This would have a substantial impact on the overall health, usability, and maintainability of the Python standard library.

The Unified TLS standardization effort (i.e. PEP 543) is what Truststore is based on originally, and having spoken to @woodruffw, I believe that it would be included in this project. Since this work is already funded through Trail of Bits, it's unlikely that I'll personally be leading it, although I will be helping any way I can!

Hope that answers your question :)

woodruffw commented 8 months ago

Thanks for the ping @sethmlarson!

To confirm on my end: my team will be working on a successor PEP for the ssl module, which will include truststore in its scope. My hope is to have more public information on that in the next month or so.

sethmlarson commented 8 months ago

Going to close this issue as complete, thanks for raising! :rocket:

macserv commented 4 months ago

For anyone looking for an update on @woodruffw's progress regarding the ssl successor PEP, strap in... https://discuss.python.org/t/pre-pep-discussion-revival-of-pep-543/51263