Message137569
I think there should be a warning that the connection is unauthenticated
(i.e. not secure). Users tend to be upset if they see 'https' and later
find out that no certificates were verified.
A reasonably secure alternative is to publish the pypi server
certificate in a couple of places (python-dev, www.python.org).
Then the user can import the certificate into the browser while
on a trusted connection and henceforth do all uploading etc.
via the browser. |
|
Date |
User |
Action |
Args |
2011-06-03 18:39:05 | skrah | set | recipients:
+ skrah, loewis, fdrake, barry, techtonik, tarek, jwilk, eric.araujo, Arfrever, alexis |
2011-06-03 18:39:04 | skrah | set | messageid: <1307126344.9.0.702994262294.issue12226@psf.upfronthosting.co.za> |
2011-06-03 18:39:04 | skrah | link | issue12226 messages |
2011-06-03 18:39:04 | skrah | create | |
|