Message351979
If you use pubkeys.txt from https://www.python.org/static/files/pubkeys.txt, then GPG verification gives you no additional security. An attack with write access to www.python.org or access to the private key of www.python.org can easily replace the pubkeys.txt with a key file under his control. You only get additional security if you retrieve the key from a different location *and* verify that the key owned by Łukasz. |
|
Date |
User |
Action |
Args |
2019-09-11 16:49:27 | christian.heimes | set | recipients:
+ christian.heimes, ned.deily, lukasz.langa, mattip, lkollar |
2019-09-11 16:49:27 | christian.heimes | set | messageid: <1568220567.52.0.655316245532.issue37967@roundup.psfhosted.org> |
2019-09-11 16:49:27 | christian.heimes | link | issue37967 messages |
2019-09-11 16:49:27 | christian.heimes | create | |
|