>> We have new contributors (who don't have a pre-existing key) use RSA: >> http://docs.python.org/devguide/faq.html#id1 . > > I was trying to avoid a man-in-the-middle attack by verifying the > server's key fingerprint. Those server fingerprints should be documented.
Well if a MITM attacker tries to use your ssh access to do anything nasty, another developer will probably notice quite quickly. (the only "nasty thing" the ssh access allows you to do is "hg push", IIRC; still, that can trigger code execution on the buildbots) Regards Antoine. _______________________________________________ python-committers mailing list python-committers@python.org http://mail.python.org/mailman/listinfo/python-committers
