[pydotorg-www] project plan

"Martin v. Löwis" martin at v.loewis.de
Tue Apr 20 07:53:05 CEST 2010


Richard Leland wrote:
> Good to know about this - seems like if we're going to put the effort
> into figuring out what the revamp entails we should add this to the list
> of goals. Could be a good opportunity to look at other parts of
> python.org (besides PyPI) to see if there are any
> other security issues we should be thinking about as well.

For Python binaries proper: they are PGP-signed, so in principle, it
would be possible for users to verify that they have not been tampered
with - although I doubt many people actually run this check. For the MSI
file, there is also a Verisign code signature on it, which Windows will
check (although people might not worry if it stops being available after
a hijack).

Regards,
Martin

