Am 25.03.13 17:34, schrieb Antoine Pitrou: > >>> We have new contributors (who don't have a pre-existing key) use RSA: >>> http://docs.python.org/devguide/faq.html#id1 . >> >> I was trying to avoid a man-in-the-middle attack by verifying the >> server's key fingerprint. Those server fingerprints should be documented. > > Well if a MITM attacker tries to use your ssh access to do anything nasty, > another developer will probably notice quite quickly. > (the only "nasty thing" the ssh access allows you to do is "hg push", > IIRC; still, that can trigger code execution on the buildbots)
I thought the same first, but for the sufficiently-paranoid there actually is a threat in spoofing hg.python.org: - if you are not talking to the right server, hg pull might bring a trojan horse on your system, which you might then run into when trying to build Python. OTOH, there is actually *no* threat at all for men-in-the-*middle*. Anybody spoofing hg.python.org could not simultaneously connect successfully to the actual hg.python.org, since they don't have any authorized key, and since they cannot trick the actual client in providing the proper token that the server would verify, see e.g. http://utcc.utoronto.ca/~cks/space/blog/tech/SshAndMitM Regards, Martin _______________________________________________ python-committers mailing list python-committers@python.org http://mail.python.org/mailman/listinfo/python-committers
