> > We have new contributors (who don't have a pre-existing key) use RSA: > http://docs.python.org/devguide/faq.html#id1 . I was trying to avoid a man-in-the-middle attack by verifying the server's key fingerprint. Those server fingerprints should be documented.