On 2014-11-15 02:57:15 +0800 (+0800), Thomas Goirand wrote:
[...]
> Do you realize that with the TLS system, you have to trust every
> and all CA, while with PGP, you only need to trust a single
> fingerprint?
[...]

Technically not true *if* the package retrieval tools implement
certificate pinning rather than trusting any old CA (after all,
they're not Web browsers, so they could in theory do that with
minimal impact).

Too bad https://github.com/pypa/pip/issues/1168 hasn't gotten much
traction.
-- 
Jeremy Stanley

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to