
Author jcea
Recipients barry, benjamin.peterson, christian.heimes, dstufft, eric.araujo, georg.brandl, gvanrossum, hynek, jcea, larry, loewis, pitrou, tarek
Date 2013-02-05.02:53:32
Message-id <1360032813.22.0.0138798997958.issue17121@psf.upfronthosting.co.za>
In-reply-to
Content
Python 2.6 can get the remote certificate, compute a hash of it, and compare that hash with a known fingerprint. This is what Mercurial does.

No proper certificate chain, but secure as long as the PyPI certificate doesn't change.

This would not be a "final" solution, but it is a tiny patch and far safer than the current approach.

Then cross fingers for PyPI certificate stability :-).
History
Date User Action Args
2013-02-05 02:53:33 jcea set recipients: + jcea, gvanrossum, loewis, barry, georg.brandl, pitrou, larry, christian.heimes, benjamin.peterson, tarek, eric.araujo, hynek, dstufft
2013-02-05 02:53:33 jcea set messageid: <1360032813.22.0.0138798997958.issue17121@psf.upfronthosting.co.za>
2013-02-05 02:53:33 jcea link issue17121 messages
2013-02-05 02:53:32 jcea create
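The fingerprint check described in the message above, as an added example that is not part of the original message or of any CPython or Mercurial code. It is written for current Python 3 rather than 2.6; the function names, the choice of SHA-256 and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed placeholder bytes standing in for a DER-encoded certificate.
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate"


def cert_fingerprint(der_bytes):
    """Return the SHA-256 digest of a DER certificate as lowercase hex."""
    return hashlib.sha256(der_bytes).hexdigest()


def normalize_pin(pin):
    """Accept 'AA:BB:...' or 'aabb...' and return bare lowercase hex."""
    return pin.replace(":", "").replace(" ", "").lower()


def matches_pin(der_bytes, pinned):
    """Compare the certificate digest with the pin in constant time."""
    if not der_bytes:
        return False  # no certificate presented: fail closed
    return hmac.compare_digest(cert_fingerprint(der_bytes), normalize_pin(pinned))


def connect_pinned(host, port, pinned, timeout=10.0):
    """Return a TLS socket only if the server's leaf certificate matches the pin."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Chain and hostname validation are off: the pin is the only trust anchor,
    # so the comparison below must happen before any application data is sent.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if not matches_pin(der, pinned):
        tls.close()
        raise ssl.SSLError("certificate fingerprint mismatch for %s" % host)
    return tls


if __name__ == "__main__":
    pin = cert_fingerprint(SAMPLE_DER)
    print(pin, matches_pin(SAMPLE_DER, pin))
```

As the message notes, a pin of this kind stops matching as soon as the server certificate is replaced, so the stored fingerprint has to be updated through a trusted channel whenever that happens.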