Message 137569 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	skrah
Recipients	Arfrever, alexis, barry, eric.araujo, fdrake, jwilk, loewis, skrah, tarek, techtonik
Date	2011-06-03.18:39:04
SpamBayes Score	0.01048285
Marked as misclassified	No
Message-id	<1307126344.9.0.702994262294.issue12226@psf.upfronthosting.co.za>
In-reply-to

Content
I think there should be a warning that the connection is unauthenticated (i.e. not secure). Users tend to be upset if they see 'https' and later find out that no certificates were verified. A reasonably secure alternative is to publish the pypi server certificate in a couple of places (python-dev, www.python.org). Then the user can import the certificate into the browser while on a trusted connection and henceforth do all uploading etc. via the browser.

I think there should be a warning that the connection is unauthenticated
(i.e. not secure). Users tend to be upset if they see 'https' and later
find out that no certificates were verified.


A reasonably secure alternative is to publish the pypi server
certificate in a couple of places (python-dev, www.python.org).
Then the user can import the certificate into the browser while
on a trusted connection and henceforth do all uploading etc.
via the browser.

History
Date	User	Action	Args
2011-06-03 18:39:05	skrah	set	recipients: + skrah, loewis, fdrake, barry, techtonik, tarek, jwilk, eric.araujo, Arfrever, alexis
2011-06-03 18:39:04	skrah	set	messageid: <1307126344.9.0.702994262294.issue12226@psf.upfronthosting.co.za>
2011-06-03 18:39:04	skrah	link	issue12226 messages
2011-06-03 18:39:04	skrah	create