Author techtonik
Recipients Arfrever, alexis, barry, eric.araujo, loewis, skrah, tarek, techtonik
Date 2011-06-01.15:11:11
SpamBayes Score 0.00095702
Marked as misclassified No
Message-id <>
In-reply-to <>
On Wed, Jun 1, 2011 at 10:30 AM, Stefan Krah <> wrote:
>> Distutils doesn't validate PyPI server certificate, so this change
>> doesn't prevent from MITM attacks, but at least it makes package
>> submissions over wireless channels and public networks safer.
> Is that so? It's been a while, but I think e.g. ettercap is a highly
> automated tool for MITM attacks that isn't very hard to use.

This patch won't help against properly baited ettercap, but will
prevent transit sniffing of weakly protected passwords.
anatoly t.
Date User Action Args
2011-06-01 15:11:12techtoniksetrecipients: + techtonik, loewis, barry, tarek, eric.araujo, Arfrever, skrah, alexis
2011-06-01 15:11:11techtoniklinkissue12226 messages
2011-06-01 15:11:11techtonikcreate