This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author asdfasdfasdfasdfasdfasdfasdf
Recipients asdfasdfasdfasdfasdfasdfasdf, docs@python, orsenthil, pitrou
Date 2010-09-29.14:32:08
SpamBayes Score 0.00452394
Marked as misclassified No
Message-id <AANLkTinWkSQQxzuwJJO94PC7XOTDjqeG0qAcuZCvKzCi@mail.gmail.com>
In-reply-to <1285765909.3168.13.camel@localhost.localdomain>
Content
Yes totally imho these modules should get fixed to actually do ssl checking.
This means that most users of these methods, even if they think they
are doing it properly as per the ssl module page, are still vulnerable
to attack.

I will add this comment to the bug you linked to above.
As an example, it only took a few minutes to confirm that the default
bzr install on ubuntu is vulnerable ->
https://bugs.edge.launchpad.net/bzr/+bug/651161
(bzr is only vulnerable if pycurl isn't installed but pycurl is only a
suggestion not a dependency ... ).
History
Date User Action Args
2010-09-29 14:32:10asdfasdfasdfasdfasdfasdfasdfsetrecipients: + asdfasdfasdfasdfasdfasdfasdf, orsenthil, pitrou, docs@python
2010-09-29 14:32:08asdfasdfasdfasdfasdfasdfasdflinkissue9983 messages
2010-09-29 14:32:08asdfasdfasdfasdfasdfasdfasdfcreate