R. David Murray added the comment: To expand on that point a little: in the past, I could happily use the SMTP_SSL class (say) without thinking about certificates or server hostname verification, or pretty much of anything. This produced no verification, of course, which is the problem we are trying to solve. So we should have recipes *somewhere* in the docs that show how to use these facilities securely. It isn't obvious what the default security level currently is.
---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue20913> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
