Seth Michael Larson

@tianon That's good to know that stronger checksum value would be useful, [there's an open issue](https://github.com/python/pythondotorg/issues/1227) for it and I plan to tackle it myself (upgrading to SHA256). Also: a...

@katzj can you update the version ranges so the `versions` aren't backfilled once I merge?

@notatallshaw Great question, pip catches the `ImportError` on the initial import of `truststore` and then falls back to Requests' default behavior which is only certifi: https://github.com/pypa/pip/blob/main/src/pip/_internal/cli/index_command.py#L40

@ichard26 > Are these APIs needed for truststore to function properly? Indeed, they are required. I can submit a PR that doesn't use Truststore if these APIs aren't detected in...

@ichard26 I can certainly add this to Truststore. Let me do that quickly and then pip can rebundle.

Thanks for putting together this proposal @woodruffw! Wanted to add some more evidence that such a plugin system would be used. A while ago I [created a tool](https://github.com/sethmlarson/pip-sbom) for generating...

> I'm curious if explicitly considering this unstable (with the burden for breakage being 100% on plugin authors) changes your mind at all here (and also what the other pip...

Being brief: I was imagining a one-to-one mapping of HTTP2Connection to stream ID and then relying on a global registry of sockets/HTTPStream-like objects so that we can continue using the...

@hold7door Correct! That's already the case for HTTP/1.1 since we don't support pipe-lining.

@mrdaybird Multiplexing is handled by the HTTPSConnectionPool, similar to how you need to use this interface for multiplexing in HTTP/1.1. > Also, where will the socket data(h2 events) be handled?...