Stefan Krah stefan-use...@bytereef.org added the comment:
I agree with Éric: This is a duplicate.
--
nosy: +skrah
resolution: - duplicate
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue12358
New submission from anatoly techtonik techto...@gmail.com:
Please add this as a child of master issue12357.
When default protocol to upload to PyPI is switched to HTTPS in issue12226, the
next step is to validate the certificate. Certificate validation requires that
we will either:
1.
Changes by anatoly techtonik techto...@gmail.com:
--
assignee: - tarek
components: +Distutils, Distutils2
nosy: +alexis, eric.araujo, tarek
versions: +Python 2.7, Python 3.1, Python 3.2
___
Python tracker rep...@bugs.python.org
Éric Araujo mer...@netwok.org added the comment:
I’m going to close this report as a duplicate. The discussion about validation
is already started on the other report, and I don’t want to commit first one
patch with false security (use HTTPS), then a patch to validate: they should be
one
anatoly techtonik techto...@gmail.com added the comment:
That's two separate tickets. I intentionally wasted my time opening several of
them to avoid making issues overcomplicated, so that they are manageable for
review and won't slip from the next release.
Ping me in GTalk if you want to
anatoly techtonik techto...@gmail.com added the comment:
Mind you that HTTPS access without certificate validation is not a false
security - even without certificate it provides a good protection from passive
attacks.
--
___
Python tracker
Éric Araujo mer...@netwok.org added the comment:
I don’t see why you think we need two tickets. I will not commit the partial
patch from the other bug, and I don’t think it’s overcomplicated to think about
“use HTTPS with certificate checking”.
About GTalk/Jabber: I prefer to discuss openly
anatoly techtonik techto...@gmail.com added the comment:
If tickets are small and easy, they can be committed faster. I wouldn't open
another one if this small patch was committed in time. As I already explained,
adding certificate check to HTTPS is a further security enhancement, and here
is
