Message181405
Python 2.6 can get remote certificate and compute a hash of it, and compare that hash with a known fingerprint. This is what mercurial does.
No proper certificate chain, but secure as far as the PYPI certificate doesn't change.
This would be not a "final" solution, but it is a tiny patch and far safer than current approach.
Then cross fingers for PYPI certificate stability :-). |
|
Date |
User |
Action |
Args |
2013-02-05 02:53:33 | jcea | set | recipients:
+ jcea, gvanrossum, loewis, barry, georg.brandl, pitrou, larry, christian.heimes, benjamin.peterson, tarek, eric.araujo, hynek, dstufft |
2013-02-05 02:53:33 | jcea | set | messageid: <1360032813.22.0.0138798997958.issue17121@psf.upfronthosting.co.za> |
2013-02-05 02:53:33 | jcea | link | issue17121 messages |
2013-02-05 02:53:32 | jcea | create | |
|