Is the plan to use what is proposed in
http://mail.python.org/pipermail/catalog-sig/2009-March/002018.html in
practice?

You mean, is it implemented and deployed? Sure - just try for yourself.

Is more information available about this?

This is not a very specific question. The answer is certainly: yes, e.g.
the source code of PyPI.

Does this protect against man-in-the-middle attacks?

Hmm. This is also not very specific. Sometimes yes, sometimes no.

It protects against men sitting in the middle of a package download, and
also against men sitting on a mirror (which are both in the middle between PyPI and the user).

It doesn't protect against men sitting in the middle of the serverkey download, or men sitting in the middle of a setuptools installation process, or men sitting on PyPI itself (which would be in the middle between the package author and the user).

Regards,
Martin
_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig