Hi Team , In Python installation **is there any need of the below files or it can be deleted ?**This has been raised as a security issue in one of our product packages where python is being used.
/usr/local/lib/python3.9/test/badkey.pem, /usr/local/lib/python3.9/test/idnsans.pem, /usr/local/lib/python3.9/test/keycert.passwd.pem, /usr/local/lib/python3.9/test/keycert.pem, /usr/local/lib/python3.9/test/keycert2.pem, /usr/local/lib/python3.9/test/keycert3.pem, /usr/local/lib/python3.9/test/keycert4.pem, /usr/local/lib/python3.9/test/keycertecc.pem, /usr/local/lib/python3.9/test/pycakey.pem, /usr/local/lib/python3.9/test/ssl_key.passwd.pem, /usr/local/lib/python3.9/test/ssl_key.pem
Thanks and Regards,
It seems that a package leaked its test suite to distribution stage,
and the packaging system mistaken it as package
test. You will need
to track down which package it is and patch it from including
That’s from Python’s (specifically CPython’s) testsuite. It’s
installed by a simple
make install in the source tree, for
example. It’s not necessary to operation of the interpreter or
stdlib, however, and can be removed if desired.
I assume the security concern, which was not actually stated above, is due to the suspicion of leaked keys. However, AFAIK those are all dummy keys used by the Python test suite to test the ssl/crypto related functionality of Python, and thus do not present a security concern and can be ignored.
All those files fall under the test suite which is not required for Python to work.
Thanks all for such quick response , appreciate all.
Since Python 3.10, it’s easy to disable building and installing tests using the —disable-test-modules configure switch.