[Pythonmac-SIG] Authenticity for Package Manager

[Bob Ippolito]

So now that I've got pythonmac.org, with a browser-acceptable SSL 
certificate, I think we definitely ought to add verification support to 
Package Manager.  This way the user could say "always trust this SSL 
certificate" (with maybe built-in support for trusting mine ;) and then 
we'd have one security issue nailed (dns hijacking or other man in the 
middle attacks), at least to the point that industry standard SSL is 
concerned.

Can standard MacPython do this on its own, or would this functionality 
require the PyOpenSSL module?

Thoughts?

-bob