[Python-Dev] SSL certificates recommendations for downstreampython packagers
Stephen J. Turnbull
turnbull.stephen.fw at u.tsukuba.ac.jp
Wed Feb 1 22:38:23 EST 2017
Cory Benfield writes:
> The TL;DR is: I understand Christian’s concern, but I don’t think
> it’s important if you’re very, very careful.
But AIUI, the "you" above is the end-user or admin of end-user's
system, no? We know that they aren't very careful (or perhaps more
accurate, this is too fsckin' complicated for anybody but an infosec
expert to do very well).
I[1] still agree with you that it's *unlikely* that end-users/admins
will need to worry about it. But we need to be really careful about
what we say here, or at least where the responsible parties will be
looking.
Thanks to all who are contributing so much time and skull sweat on
this. This is insanely hard, but important.
Footnotes:
[1] Infosec wannabe, I've thought carefully but don't claim real
expertise.
More information about the Python-Dev
mailing list