Bug 840142

Summary: python-certifi: stop shipping own certificate bundle
Product: [Fedora] Fedora Reporter: Tomas Hoger <thoger>
Component: python-certifiAssignee: Arun S A G <sagarun>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: medium    
Version: rawhideCC: sagarun
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-07-15 23:52:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tomas Hoger 2012-07-13 20:57:52 UTC 
Description of problem:
python-certifi comes with certificate bundle generated from nss/mozilla certdata.txt.  It's the same source that is used to build ca-bundle.crt form ca-certificates.  We should not duplicate those bundles, as that makes it more difficult to deal with updates when some CA needs to be removed.

python-certify should require ca-certificates and use that bundle.  There seem to be 2 options:
- replace cacert.pem by a symlink to /etc/pki/tls/certs/ca-bundle.crt without changing python code
- don't include cacert.pem in the package at all, fix code to return path to /etc/pki/tls/certs/ca-bundle.crt


Additional info:
We have already done similar change for equivalent perl package - bug #738383.

It seems python-certifi was pulled into Fedora as requirement of python-requests (bug #808987), but is no longer used by python-requests:

http://pkgs.fedoraproject.org/gitweb/?p=python-requests.git;a=commitdiff;h=74db89b32895cb7f543f37811f736e402c98dfe7

If python-certifi is no longer needed in Fedora, please consider removing it.
Comment 1 Arun S A G 2012-07-15 23:52:09 UTC 
Retired the package. Thank you.
Comment 2 Tomas Hoger 2012-07-16 07:35:26 UTC 
Does it still need some git clean-up as per 2. and 3. in:
http://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life ?
Comment 3 Arun S A G 2012-07-16 15:22:17 UTC 
Aha, I missed the step 2 and 3. In that case, i need to ask a proven packager. Can you help?
Comment 4 Tomas Hoger 2012-07-16 15:40:47 UTC 
I'm not proven packager, sorry.