Seth Michael Larson

Agreed with @ned-deily, thanks for the offer to help test Ned! We have an issue already created on the Truststore project if you'd like to follow along there: https://github.com/sethmlarson/truststore/issues/119

Truststore 0.10.0 is available on PyPI and I've created a PR upgrading pip's vendored copy: https://github.com/pypa/pip/pull/13041. Thanks to @ThomasWaldmann for testing on their machine to confirm the fix worked.

Once there's a new pip release then `ensurepip` will need to be updated, too.

Thanks for reporting, if you could submit a PR fixing the issue it would be appreciated.

I'm in agreement that the Maintainer role should be reduced or removed long-term, especially with the vision of privileges around publishing living external to PyPI via Trusted Publishers. See: https://github.com/pypi/warehouse/issues/14300

I wasn't able to get the `ValueError` you're running into to reproduce, is there any other flag you're passing to pip or environment variable that would configure/disable certificate verification? I...

I haven't dug into this issue recently, but the latest release of truststore did make some changes to `check_hostname`, might be worth checking again.

Is there a reason you're using `brotlipy` instead of `brotlicffi`? We migrated the package name a while ago to avoid clobbering the `brotli` module name.

I've asked the Sigstore Python maintainers what the effects of upgrading are for 4.0.0, it was not immediately clear to me what the backwards incompatible changes would mean for our...

Yeah this seems like a Requests bug, unfortunately. Going to close this issue.