[issue12226] use secured channel for uploading packages to pypi

anatoly techtonik report at bugs.python.org
Wed Jun 1 17:11:12 CEST 2011

anatoly techtonik <techtonik at gmail.com> added the comment:

On Wed, Jun 1, 2011 at 10:30 AM, Stefan Krah <report at bugs.python.org> wrote:
>> Distutils doesn't validate PyPI server certificate, so this change
>> doesn't prevent MITM attacks, but at least it makes package
>> submissions over wireless channels and public networks safer.
> Is that so? It's been a while, but I think e.g. ettercap is a highly
> automated tool for MITM attacks that isn't very hard to use.

This patch won't help against properly baited ettercap, but will
prevent transit sniffing of weakly protected passwords.
anatoly t.


Python tracker <report at bugs.python.org>
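
The distinction drawn in this exchange, as an added example that is not part of the original message or of Distutils: plain HTTP, HTTPS without certificate validation, and HTTPS with validation cover different threats. The helper names and the placeholder URL are assumptions made for illustration.

```python
import ssl
import urllib.request
from urllib.parse import urlsplit

UPLOAD_URL = "https://upload.example.invalid/"  # constructed placeholder URL


def make_context(verify_server):
    """Build a TLS client context for the upload connection (hypothetical helper)."""
    if verify_server:
        # System trust store, CERT_REQUIRED and hostname matching.
        return ssl.create_default_context()
    # Encrypts the session but accepts whatever certificate the peer presents.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before selecting CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def channel_protection(url, ctx=None):
    """Report which of the two threats from the thread a configuration covers."""
    encrypted = urlsplit(url).scheme == "https"
    authenticated = (
        encrypted
        and ctx is not None
        and ctx.verify_mode == ssl.CERT_REQUIRED
        and ctx.check_hostname
    )
    return {"passive_sniffing": encrypted, "active_mitm": authenticated}


def credential_opener(url, ctx):
    """Return an opener for sending credentials; refuse unauthenticated channels."""
    if not channel_protection(url, ctx)["active_mitm"]:
        raise ValueError("refusing to send credentials: server identity not verified")
    return urllib.request.build_opener(urllib.request.HTTPSHandler(context=ctx))


if __name__ == "__main__":
    cases = [
        ("plain HTTP", UPLOAD_URL.replace("https", "http", 1), None),
        ("HTTPS, no validation", UPLOAD_URL, make_context(False)),
        ("HTTPS, validated", UPLOAD_URL, make_context(True)),
    ]
    for label, url, ctx in cases:
        print(label, channel_protection(url, ctx))
```
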

More information about the Python-bugs-list mailing list