Hi,
related to http://bugs.python.org/issue12226, I think it would be nice to
add a link to the SSL connection to the PyPI front page:
--- a/pypi.html 2011-06-04 10:05:47.0 +0200
+++ b/pypi.html 2011-06-04 10:05:41.0 +0200
@@ -177,6 +177,19 @@
br clear=right
+div
Hi,
related to http://bugs.python.org/issue12226, I think it would be nice to
add a link to the SSL connection to the PyPI front page:
Which makes me wonder, why is it that PyPI doesn't use a universally
accepted SSL cert instead of the CAcert one? Note: I'm a CAcert assurer
myself but would
Which makes me wonder, why is it that PyPI doesn't use a universally
accepted SSL cert instead of the CAcert one? Note: I'm a CAcert assurer
myself but would prefer using a cert by one of the commercial CAs for
the sake of the users.
Any opinions?
Primarily because of lack of volunteer
Martin v. Löwis wrote:
Which makes me wonder, why is it that PyPI doesn't use a universally
accepted SSL cert instead of the CAcert one? Note: I'm a CAcert assurer
myself but would prefer using a cert by one of the commercial CAs for
the sake of the users.
Any opinions?
Primarily because
It depends on the threat model which is worse.
If you're worried about the Chinese govt inserting malicious packages
to track dissidents then using an universally accepted SSL cert is a
bad idea. It's easy for a powerful and motivated attacker to get
arbitrary certs signed.
If you think that
Installing it is not really such a major task, once you have
the paperwork done. Should we take this to the PSF board for
discussion ?
Essentially, I don't want to deal with that CA bureaucracy at all.
If you think that by taking it to the PSF board, you get all the
issues resolved, please go
Martin v. Löwis wrote:
Installing it is not really such a major task, once you have
the paperwork done. Should we take this to the PSF board for
discussion ?
Essentially, I don't want to deal with that CA bureaucracy at all.
I can understand that :-)
If you think that by taking it to the