[issue12226] use secured channel for uploading packages to pypi

[Éric Araujo]

Éric Araujo <merwok at netwok.org> added the comment:

> I think there should be a warning that the connection is
> unauthenticated (i.e. not secure). Users tend to be upset if they see
> 'https' and later find out that no certificates were verified.

Thanks Stephan, that was on my mind but I forgot it.  I’m -1 on using https if no validation is performed.

> I believe that's a very personal judgement.

Not really; it’s an explanation of our release rules, exposed by one of the older developers.

> For me exposing core Python development accounts is a fundamental
> flaw.

What is a core Python development account?

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue12226>
_______________________________________