[issue12226] use secured channel for uploading packages to pypi
report at bugs.python.org
Wed Jun 1 17:11:12 CEST 2011
anatoly techtonik <techtonik at gmail.com> added the comment:
On Wed, Jun 1, 2011 at 10:30 AM, Stefan Krah <report at bugs.python.org> wrote:
>> Distutils doesn't validate PyPI server certificate, so this change
>> doesn't prevent from MITM attacks, but at least it makes package
>> submissions over wireless channels and public networks safer.
> Is that so? It's been a while, but I think e.g. ettercap is a highly
> automated tool for MITM attacks that isn't very hard to use.
This patch won't help against properly baited ettercap, but will
prevent transit sniffing of weakly protected passwords.
Python tracker <report at bugs.python.org>
More information about the Python-bugs-list