
Author techtonik
Recipients Arfrever, alexis, barry, eric.araujo, loewis, skrah, tarek, techtonik
Date 2011-06-01.15:11:11
Message-id <BANLkTik_aFuOfuL=gWmOORi7pCmoNL1U5Q@mail.gmail.com>
In-reply-to <1306913415.13.0.571167549516.issue12226@psf.upfronthosting.co.za>
Content
On Wed, Jun 1, 2011 at 10:30 AM, Stefan Krah <report@bugs.python.org> wrote:
>
>> Distutils doesn't validate PyPI server certificate, so this change
>> doesn't prevent MITM attacks, but at least it makes package
>> submissions over wireless channels and public networks safer.
>
> Is that so? It's been a while, but I think e.g. ettercap is a highly
> automated tool for MITM attacks that isn't very hard to use.

This patch won't help against properly baited ettercap, but will
prevent transit sniffing of weakly protected passwords.
--
anatoly t.
History
Date User Action Args
2011-06-01 15:11:12 techtonik set recipients: + techtonik, loewis, barry, tarek, eric.araujo, Arfrever, skrah, alexis
2011-06-01 15:11:11 techtonik link issue12226 messages
2011-06-01 15:11:11 techtonik create