Log file Viewer
#pypa-dev logs for Friday the 2nd of August, 2019
[19:21:51] <sumanah> I stepped away for a break but now I'm back. Welcome and thank you for coming to IRC
[19:22:11] <sumanah> you're working on https://github.com/pypa/pip/issues/6720 "Document the behavior of `--cert`"
[19:23:53] <sumanah> I believe your next step is to learn where (in the pip codebase) pip gets the text that it shows the user when the user asks for command-line help
[19:30:07] <serhii7328> I read documentation, and a little bit more understanding now how working pipBut what the --cert - don't understand.Is it maybe a certificate? Path to the certificate?But why it is needed?Understand why needpip install, list, search, freeze but what to do certificate, right now I don't know.
[19:32:55] <sumanah> the next thing I suggest you do is to search the history of pip's repository using using arguments to git log
[19:33:47] <sumanah> git grep idea searches a code repository's code and comments for the word "idea", git log --grep="idea" searches the commit history for times we've used the word "idea" in a commit message, and git blame codefile.py shows you who last changed every line of that codefile, and when.
[19:34:57] <serhii7328> 787d37403 pip/cmdoptions.py (Robert Collins 2015-04-17 14:41:36 +1200 289) cert = partial(787d37403 pip/cmdoptions.py (Robert Collins 2015-04-17 14:41:36 +1200 290) Option,15910f573 pip/cmdoptions.py (Marcus Smith 2013-09-16 22:21:15 -0700 291) '--cert',15910f573 pip/cmdoptions.py
[19:34:58] <serhii7328> (Marcus Smith 2013-09-16 22:21:15 -0700 292) dest='cert',15910f573 pip/cmdoptions.py (Marcus Smith 2013-09-16 22:21:15 -0700 293) type='str',15910f573 pip/cmdoptions.py (Marcus Smith 2013-09-16 22:21:15 -0700 294) metavar='path',da5781074 src/pip/_internal/cmdoptions.py (Pradyu
[19:34:58] <serhii7328> n Gedam 2017-09-02 16:52:19 +0530 295) help="Path to alternate CA bundle.",028848574 src/pip/_internal/cli/cmdoptions.py (Maxim Kurnikov 2018-12-03 15:47:11 +0300 296) ) # type: Callable[..., Option]
[19:35:55] <sumanah> serhii7328: it's ok, I understand, you made a mistake - I suggest https://hastebin.com/ the next time when you want to paste something and share it
[19:38:43] <serhii7328> da5781074 src/pip/_internal/cmdoptions.py (Pradyun Gedam 2017-09-02 16:52:19 +0530 295) help="Path to alternate CA bundle.",
[19:40:39] <sumanah> serhii7328: ok. Take a look at this section and tell me when you have read it: https://en.wikipedia.org/wiki/Transport_Layer_Security#Certificate_authorities
[19:43:42] <sumanah> serhii7328: and next, I suggest you run: git grep -i "certificate" and look at some of the documentation and code in the search results
[19:44:49] <sumanah> example: https://pip.pypa.io/en/stable/reference/pip_install/?highlight=certificate#ssl-certificate-verification
[19:46:06] <sumanah> Based on that search result, from git grep -i "certificate" , I saw an interesting file called "certifi" that you might also want to look at
[19:47:09] <sumanah> serhii7328: I personally am not a pip developer and I don't know the answer to your question -- I do not know specifically what the --cert option does or why it was implemented. But using these tools, like git grep and git log, I can start to find out, and so can you
[19:49:40] <sumanah> I don't KNOW the answer, but I think it is something like this: by default, pip trusts several Certificate Authorities, as a "bundle" listed in "certifi". The --cert option lets a user say "here is a different bundle of CAs I want you to use instead"
[19:50:46] <serhii7328> certificate authorities are a weak point from a security standpoint and TLS work with these certificates. Ok.https://en.wikipedia.org/wiki/Transport_Layer_Security#Certificate_authoritiesI read it.I don't understand the difference between --client-cert and --cert
[19:50:47] <sumanah> serhii7328: do you understand why pip, during installation, has to make decisions about which Certificate Authorities to trust? It's like how a browser might need to warn the user: This is not really a secure site!
[19:52:28] <sumanah> I saw that there is a line in pip's release notes: Add ``--client-cert`` option for SSL client certificates. (#1424)
[19:52:42] <sumanah> that means that the discussion happened in pip GitHub issue #1424 https://github.com/pypa/pip/issues/1424
[19:54:23] <sumanah> serhii7328: so I do not know for certain, but I think: --cert is for SERVER certificates, --client-cert is for client certificates in situations where the server requires that you (the pip user) authenticate in order to connect.
[20:03:51] <sumanah> serhii7328: every 2 weeks please comment on the issue and say whether you are still working on it -- and please feel free to comment there about your progress and questions
[20:04:52] <sumanah> serhii7328: if you have questions you can ask here also. I am here sometimes. Other people are also here. If you ask a question and no one answers, please wait at least 20 minutes in case someone sees it and replies.
[20:05:11] <sumanah> Or if you can't wait, please link to the GitHub issue, so people who are catching up on the chat can reply there.
[20:06:04] <sumanah> serhii7328: Great. I'm going to go work on other things now. Do you feel ready to work more on this issue? Do you have questions you need help with?
[20:09:57] <sumanah> If so, please feel free to ask them here or on the issue. Thanks for working on this and for your persistence serhii7328!