Message 137584 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	techtonik
Recipients	Arfrever, alexis, barry, eric.araujo, fdrake, jwilk, loewis, skrah, tarek, techtonik
Date	2011-06-03.20:52:43
SpamBayes Score	1.0499517e-05
Marked as misclassified	No
Message-id	<1307134364.91.0.937648462344.issue12226@psf.upfronthosting.co.za>
In-reply-to

Content
Sorry for the delay. I've just uploaded http://pypi.python.org/pypi/ctypesgen/0.r125 from Ubuntu using python2.6 with patched distutils module to https://pypi.python.org/pypi and can confirm it works without problems on Linux. So I can guarantee there won't be any regress in 99.9% of cases and <0.1% of cases that are left, risk of breaking these flaky setups doesn't outweight the need to close this security hole. I can fill separate bug for packaging, server certificate validation and support for non-SSL builds of python (for which there is workaround with upload -r <server> option that I've just discovered), but it is an additional delay and the only reason I invested some time into this issue is because I saw RC announcements. P.S. To Martin. CAcert is not trusted authority on Windows, and all browsers warn about it, so we need to distribute its root certificate with Python if we want to validate ours.

Sorry for the delay. I've just uploaded http://pypi.python.org/pypi/ctypesgen/0.r125 from Ubuntu using python2.6 with patched distutils module to https://pypi.python.org/pypi and can confirm it works without problems on Linux.

So I can guarantee there won't be any regress in 99.9% of cases and <0.1% of cases that are left, risk of breaking these flaky setups doesn't outweight the need to close this security hole.

I can fill separate bug for packaging, server certificate validation and support for non-SSL builds of python (for which there is workaround with upload -r <server> option that I've just discovered), but it is an additional delay and the only reason I invested some time into this issue is because I saw RC announcements.


P.S. To Martin. CAcert is not trusted authority on Windows, and all browsers warn about it, so we need to distribute its root certificate with Python if we want to validate ours.

History
Date	User	Action	Args
2011-06-03 20:52:45	techtonik	set	recipients: + techtonik, loewis, fdrake, barry, tarek, jwilk, eric.araujo, Arfrever, skrah, alexis
2011-06-03 20:52:44	techtonik	set	messageid: <1307134364.91.0.937648462344.issue12226@psf.upfronthosting.co.za>
2011-06-03 20:52:44	techtonik	link	issue12226 messages
2011-06-03 20:52:43	techtonik	create