[issue12226] use secured channel for uploading packages to pypi
Éric Araujo
report at bugs.python.org
Sat Jun 4 16:33:46 CEST 2011
Éric Araujo <merwok at netwok.org> added the comment:
> I think there should be a warning that the connection is
> unauthenticated (i.e. not secure). Users tend to be upset if they see
> 'https' and later find out that no certificates were verified.
Thanks Stephan, that was on my mind but I forgot it. I’m -1 on using https if no validation is performed.
> I believe that's a very personal judgement.
Not really; it’s an explanation of our release rules, exposed by one of the older developers.
> For me exposing core Python development accounts is a fundamental
> flaw.
What is a core Python development account?
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue12226>
_______________________________________
More information about the Python-bugs-list
mailing list