Bug 840142 - python-certifi: stop shipping own certificate bundle
python-certifi: stop shipping own certificate bundle
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: python-certifi (Show other bugs)
rawhide
Unspecified Unspecified
medium Severity high
: ---
: ---
Assigned To: Arun S A G
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-13 16:57 EDT by Tomas Hoger
Modified: 2012-07-16 11:40 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-07-15 19:52:09 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2012-07-13 16:57:52 EDT
Description of problem:
python-certifi comes with certificate bundle generated from nss/mozilla certdata.txt.  It's the same source that is used to build ca-bundle.crt form ca-certificates.  We should not duplicate those bundles, as that makes it more difficult to deal with updates when some CA needs to be removed.

python-certify should require ca-certificates and use that bundle.  There seem to be 2 options:
- replace cacert.pem by a symlink to /etc/pki/tls/certs/ca-bundle.crt without changing python code
- don't include cacert.pem in the package at all, fix code to return path to /etc/pki/tls/certs/ca-bundle.crt


Additional info:
We have already done similar change for equivalent perl package - bug #738383.

It seems python-certifi was pulled into Fedora as requirement of python-requests (bug #808987), but is no longer used by python-requests:

http://pkgs.fedoraproject.org/gitweb/?p=python-requests.git;a=commitdiff;h=74db89b32895cb7f543f37811f736e402c98dfe7

If python-certifi is no longer needed in Fedora, please consider removing it.
Comment 1 Arun S A G 2012-07-15 19:52:09 EDT
Retired the package. Thank you.
Comment 2 Tomas Hoger 2012-07-16 03:35:26 EDT
Does it still need some git clean-up as per 2. and 3. in:
http://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life ?
Comment 3 Arun S A G 2012-07-16 11:22:17 EDT
Aha, I missed the step 2 and 3. In that case, i need to ask a proven packager. Can you help?
Comment 4 Tomas Hoger 2012-07-16 11:40:47 EDT
I'm not proven packager, sorry.

Note You need to log in before you can comment on or make changes to this bug.