Author techtonik
Recipients alexis, eric.araujo, tarek, techtonik
Date 2011-05-31.16:51:04
SpamBayes Score 0.000108033
Marked as misclassified No
Message-id <>
Before the next version is released, I'd like to push this one line modification to reduce the risk of sniffing Python development password when people upload packages to PyPI by using https:// communication channel by default.

Distutils doesn't validate PyPI server certificate, so this change doesn't prevent from MITM attacks, but at least it makes package submissions over wireless channels and public networks safer.

Taking into account that people still release packages for Python 2.5+ (AppEngine), I'd like to see this fix backported to at least Python 2.6
Date User Action Args
2011-05-31 16:51:05techtoniksetrecipients: + techtonik, tarek, eric.araujo, alexis
2011-05-31 16:51:05techtoniksetmessageid: <>
2011-05-31 16:51:04techtoniklinkissue12226 messages
2011-05-31 16:51:04techtonikcreate