[issue12226] use secured channel for uploading packages to pypi

Stefan Krah report at bugs.python.org
Fri Jun 3 20:39:04 CEST 2011


Stefan Krah <stefan-usenet at bytereef.org> added the comment:

I think there should be a warning that the connection is unauthenticated
(i.e. not secure). Users tend to be upset if they see 'https' and later
find out that no certificates were verified.


A reasonably secure alternative is to publish the pypi server
certificate in a couple of places (python-dev, www.python.org).
Then the user can import the certificate into the browser while
on a trusted connection and henceforth do all uploading etc.
via the browser.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue12226>
_______________________________________
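The warning suggested in the comment above, as an added example that is not part of the original message or of any Python project code. The names `UnauthenticatedChannelWarning`, `is_authenticated`, `make_upload_context` and the `pinned_cert` parameter are hypothetical; only the `ssl` and `warnings` standard-library calls are real.

```python
import ssl
import warnings


class UnauthenticatedChannelWarning(UserWarning):
    """Hypothetical warning category, defined only for this example."""


def is_authenticated(ctx):
    """True only if the context verifies both the chain and the hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def make_upload_context(pinned_cert=None, verify=True):
    """Build a client TLS context for an upload.

    pinned_cert: path to a PEM file obtained out of band (hypothetical
    parameter), e.g. the published server certificate.
    verify=False reproduces https that is encrypted but unauthenticated.
    """
    if verify:
        # With cafile set, the system CA store is not loaded; only the
        # certificates in that file are loaded as trust anchors.
        ctx = ssl.create_default_context(cafile=pinned_cert)
    else:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False  # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    if not is_authenticated(ctx):
        warnings.warn(
            "https connection is encrypted but the server certificate is "
            "not verified; the channel is unauthenticated",
            UnauthenticatedChannelWarning,
            stacklevel=2,
        )
    return ctx
```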

