pycurl isn't a current dependency, but will get added as one with the update.
I don't think trying to limit the CAs is a good idea, as it will complicate things if we need to change CAs in a hurry.
If someone doesn't trust the default CA list, they can always manually check the fingerprint, or manually add the repository.
pycurl isn't a current dependency, but will get added as one with the update.
I don't think trying to limit the CAs is a good idea, as it will complicate things if we need to change CAs in a hurry.
If someone doesn't trust the default CA list, they can always manually check the fingerprint, or manually add the repository.