Red Hat Bugzilla – Bug 840142
python-certifi: stop shipping own certificate bundle
Last modified: 2012-07-16 11:40:47 EDT
Description of problem:
python-certifi comes with certificate bundle generated from nss/mozilla certdata.txt. It's the same source that is used to build ca-bundle.crt form ca-certificates. We should not duplicate those bundles, as that makes it more difficult to deal with updates when some CA needs to be removed.
python-certify should require ca-certificates and use that bundle. There seem to be 2 options:
- replace cacert.pem by a symlink to /etc/pki/tls/certs/ca-bundle.crt without changing python code
- don't include cacert.pem in the package at all, fix code to return path to /etc/pki/tls/certs/ca-bundle.crt
We have already done similar change for equivalent perl package - bug #738383.
It seems python-certifi was pulled into Fedora as requirement of python-requests (bug #808987), but is no longer used by python-requests:
If python-certifi is no longer needed in Fedora, please consider removing it.
Retired the package. Thank you.
Does it still need some git clean-up as per 2. and 3. in:
Aha, I missed the step 2 and 3. In that case, i need to ask a proven packager. Can you help?
I'm not proven packager, sorry.