Author skrah
Recipients Arfrever, alexis, barry, eric.araujo, fdrake, jwilk, loewis, skrah, tarek, techtonik
Date 2011-06-03.18:39:04
SpamBayes Score 0.0104828
Marked as misclassified No
Message-id <1307126344.9.0.702994262294.issue12226@psf.upfronthosting.co.za>
In-reply-to
Content
I think there should be a warning that the connection is unauthenticated
(i.e. not secure). Users tend to be upset if they see 'https' and later
find out that no certificates were verified.


A reasonably secure alternative is to publish the pypi server
certificate in a couple of places (python-dev, www.python.org).
Then the user can import the certificate into the browser while
on a trusted connection and henceforth do all uploading etc.
via the browser.
History
Date User Action Args
2011-06-03 18:39:05skrahsetrecipients: + skrah, loewis, fdrake, barry, techtonik, tarek, jwilk, eric.araujo, Arfrever, alexis
2011-06-03 18:39:04skrahsetmessageid: <1307126344.9.0.702994262294.issue12226@psf.upfronthosting.co.za>
2011-06-03 18:39:04skrahlinkissue12226 messages
2011-06-03 18:39:04skrahcreate