Roadmap to Inclusion with Python?

[macserv]

@sethmlarson: In the project ReadMe, you state the following:

Long-term the hope is to make truststore the default way to verify HTTPS certificates in pip and to add this functionality into Python itself.

Since you're actively working within the PSF on projects including urllib3 and requests, you do seem to be in a good place to drive this kind of change. Do you have a high-level roadmap toward making truststore inclusion a reality? What can the community do to help?

Many thanks to you and your contributors for all your hard work!

[sethmlarson]

Thanks for the kind words! The Sovereign Tech Fund has an active engagement with Trail of Bits and PyPI/Python that includes work that fits the description of what you're looking for. Quoting the linked page:

The Python programming language includes the ssl module, which exposes an SSL/TLS API. This API is widely adopted in the Python ecosystem due to its default availability, but also presents significant usability, security, and maintainability risks. This effort will help revive the Unified TLS standardization effort, include much needed updates to the API from the last 6 years, and deprecate APIs that have replacements. This would have a substantial impact on the overall health, usability, and maintainability of the Python standard library.

The Unified TLS standardization effort (ie PEP 543) is what Truststore is based on originally and having spoken to @woodruffw I believe that it would be included in this project. Since this work is already funded through Trail of Bits it's unlikely that I'll personally be leading it, although I will be helping any way I can!

Hope that answers your question :)

[woodruffw]

Thanks for the ping @sethmlarson!

To confirm on my end: my team will be working on a successor PEP for the ssl module, which will include truststore in its scope. My hope is to have more public information on that in the next month or so.

[sethmlarson]

Going to close this issue as complete, thanks for raising! 🚀