[issue12226] use secured channel for uploading packages to pypi
Antoine Pitrou
report at bugs.python.org
Tue Jun 7 13:16:05 CEST 2011
Antoine Pitrou <pitrou at free.fr> added the comment:
> If you make an HTTPS connection without checking the certificate, what
> security does it add?
Well, it does prevent the most trivial class of attacks (sniffing).
That said, Python has support for certificate checking, especially in 3.2+, so you should use that. You could e.g. bundle the CACert root certificate with the distribution.
----------
nosy: +pitrou
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue12226>
_______________________________________
More information about the Python-bugs-list
mailing list