Hynek Schlawack added the comment: I would strongly prefer to back port certificate validation instead. Is there anything *practical* that makes it hard/impossible?
If we want to keep features stable, we can add it privately so it’s only usable by distutils. The susceptibility to (easy!) MITM attacks can be counted as a security bug and this seems the most practical resolve. ---------- nosy: +hynek _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue17121> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
