> Of course, there's also a human dimension : we suppose that the people > running the mirror are people we can trust because they can > technically do malicious things in the mirror since we don't really > have any real protection (*yet*).
That's not true: users of mirrors can verify that the mirrors are authentic. Neither can malicious operators modify the contents of their mirrors without clients noticing, nor can careless mirror operators threaten the integrity of a mirror even assuming somebody breaks into the mirror. Regards, Martin _______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
