Package: python3 Version: 3.7.3-1 Severity: important Dear Maintainer,
Python has no dependency on ca-certificates. Installing Python on a minimal Debian or Ubuntu container image does not pull in ca-certificates. This results in certificate validation issues as no trust anchors are available. Python's ssl module and ssl.create_default_context() depend on default root CA packages being available. Reproducer: # docker run -ti debian:buster /bin/bash # apt-get update # apt-get install python3 # ls -la /etc/ssl/certs/ca-certificates.crt ls: cannot access '/etc/ssl/certs/ca-certificates.crt': No such file or directory # dpkg -l ca-certificates Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-===============-============-============-================================= un ca-certificates <none> <none> (no description available) Proposed solution: Either all Python interpreter packages or libssl should pull in ca-certificates. Christian -- System Information: Debian Release: 10.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.6.11-300.fc32.x86_64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: unable to detect Versions of packages python3 depends on: ii libpython3-stdlib 3.7.3-1 ii python3-minimal 3.7.3-1 ii python3.7 3.7.3-2+deb10u1 python3 recommends no packages. Versions of packages python3 suggests: pn python3-doc <none> pn python3-tk <none> pn python3-venv <none> -- no debconf information
