Message181317
I would strongly prefer to back port certificate validation instead. Is there anything *practical* that makes it hard/impossible?
If we want to keep features stable, we can add it privately so it’s only usable by distutils. The susceptibility to (easy!) MITM attacks can be counted as a security bug and this seems the most practical resolve. |
|
Date |
User |
Action |
Args |
2013-02-04 12:03:51 | hynek | set | recipients:
+ hynek, gvanrossum, loewis, gregory.p.smith, pitrou, christian.heimes, tarek, eric.araujo |
2013-02-04 12:03:51 | hynek | set | messageid: <1359979431.5.0.902821866699.issue17121@psf.upfronthosting.co.za> |
2013-02-04 12:03:51 | hynek | link | issue17121 messages |
2013-02-04 12:03:51 | hynek | create | |
|