Message 137366 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	techtonik
Recipients	alexis, eric.araujo, tarek, techtonik
Date	2011年05月31日.16:51:04
SpamBayes Score	0.00010803302
Marked as misclassified	No
Message-id	<1306860665.45.0.32361907398.issue12226@psf.upfronthosting.co.za>

Content
Before the next version is released, I'd like to push this one line modification to reduce the risk of sniffing Python development password when people upload packages to PyPI by using https:// communication channel by default. Distutils doesn't validate PyPI server certificate, so this change doesn't prevent from MITM attacks, but at least it makes package submissions over wireless channels and public networks safer. Taking into account that people still release packages for Python 2.5+ (AppEngine), I'd like to see this fix backported to at least Python 2.6

Content

Before the next version is released, I'd like to push this one line modification to reduce the risk of sniffing Python development password when people upload packages to PyPI by using https:// communication channel by default.
Distutils doesn't validate PyPI server certificate, so this change doesn't prevent from MITM attacks, but at least it makes package submissions over wireless channels and public networks safer.
Taking into account that people still release packages for Python 2.5+ (AppEngine), I'd like to see this fix backported to at least Python 2.6

History
Date	User	Action	Args
2011年05月31日 16:51:05	techtonik	set	recipients: + techtonik, tarek, eric.araujo, alexis
2011年05月31日 16:51:05	techtonik	set	messageid: <1306860665.45.0.32361907398.issue12226@psf.upfronthosting.co.za>
2011年05月31日 16:51:04	techtonik	link	issue12226 messages
2011年05月31日 16:51:04	techtonik	create

homepage