[Python-Dev] [RELEASED] Python 3.4.0b2
Michael Urman
murman at gmail.com
Mon Jan 6 17:26:47 CET 2014
On Mon, Jan 6, 2014 at 9:43 AM, Guido van Rossum <guido at python.org> wrote:
> Since MSIEXEC.EXE is a legit binary (not coming from our packager) and
> Akamai is a legitimate company (MS most likely has an agreement with
> them), at this point I would assume that there's something that
> MSIEXEC.EXE wants to get from Akamai, which is unintentionally but
> harmlessly triggered by the Python install. Could it be checking for
> upgrades?
Here's some more guesswork. Does it seem possible that msiexec is
trying to verify the revocation status of the certificate used to sign
the python .msi file? Per
http://blogs.technet.com/b/pki/archive/2006/11/30/basic-crl-checking-with-certutil.aspx
it looks like crl.microsoft.com is the host; this is hosted on akamai:
crl.microsoft.com is an alias for crl.www.ms.akadns.net.
crl.www.ms.akadns.net is an alias for a1363.g.akamai.net.
There are various things you could try to verify this. You could test
with simpler .msi files where one is signed and another is not signed
(I'll leave it up to you to find such things, but ORCA is a common
"test" .msi file). Or you could take a verbose log of the installation
process (msiexec /l*v python.log python.msi OR
http://support.microsoft.com/kb/223300), sit on the prompt for network
access so you can uniquely identify the log's timestamps, and try to
identify at what point of the installation the network access occurs.
Once that is known, more steps can be taken to identify and resolve
any actual issues.
Michael
More information about the Python-Dev
mailing list