[python-committers] SSH fingerprint
Antoine Pitrou
solipsis at pitrou.net
Mon Mar 25 17:34:05 CET 2013
>> We have new contributors (who don't have a pre-existing key) use RSA:
>> http://docs.python.org/devguide/faq.html#id1 .
>
> I was trying to avoid a man-in-the-middle attack by verifying the
> server's key fingerprint. Those server fingerprints should be documented.
Well if a MITM attacker tries to use your ssh access to do anything nasty,
another developer will probably notice quite quickly.
(the only "nasty thing" the ssh access allows you to do is "hg push",
IIRC; still, that can trigger code execution on the buildbots)
Regards
Antoine.
More information about the python-committers
mailing list