Merge pull request pypa#12696 from ichard26/vendoring-policy

Cut note on removing vendored cacert.pem
jfly · May 28, 2024 · 911bf99 · 911bf99
2 parents 1904270 + eaa90e3
commit 911bf99
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 6 deletions.
diff --git a/news/9be41686-c40a-4e08-84e1-936b65b74fc7.trivial.rst b/news/9be41686-c40a-4e08-84e1-936b65b74fc7.trivial.rst
diff --git a/src/pip/_vendor/README.rst b/src/pip/_vendor/README.rst
@@ -80,12 +80,7 @@ instead opt to patch the software they distribute to debundle it and make it
 rely on the global versions of the software that they already have packaged
 (which may have its own patches applied to it). We (the pip team) would prefer
 it if pip was *not* debundled in this manner due to the above reasons and
-instead we would prefer it if pip would be left intact as it is now. The one
-exception to this, is it is acceptable to remove the
-``pip/_vendor/requests/cacert.pem`` file provided you ensure that the
-``ssl.get_default_verify_paths().cafile`` API returns the correct CA bundle for
-your system. This will ensure that pip will use your system provided CA bundle
-instead of the copy bundled with pip.
+instead we would prefer it if pip would be left intact as it is now.
 
 In the longer term, if someone has a *portable* solution to the above problems,
 other than the bundling method we currently use, that doesn't add additional