[New-bugs-announce] [issue17121] SSH upload for distutils
Christian Heimes
report at bugs.python.org
Mon Feb 4 11:03:42 CET 2013
New submission from Christian Heimes:
In the light of Ruby's recent issues and man in the middle attacks on PyPI (http://www.reddit.com/r/Python/comments/17rfh7/warning_dont_use_pip_in_an_untrusted_network_a/) we should include secure uploads in distutils.
Martin has created a SSH uploader for distutils http://pypi.python.org/pypi/pypissh. I suggest that we include the feature in the next security update for Python 2.6 to 3.3. I'm well aware that this beats the "no new feature" clause but in my opinion "security beats purity".
What do you think?
----------
assignee: eric.araujo
components: Distutils
messages: 181313
nosy: christian.heimes, eric.araujo, gregory.p.smith, gvanrossum, loewis, pitrou, tarek
priority: critical
severity: normal
stage: needs patch
status: open
title: SSH upload for distutils
type: security
versions: Python 2.6, Python 2.7, Python 3.2, Python 3.3, Python 3.4
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue17121>
_______________________________________
More information about the New-bugs-announce
mailing list