Justin Cappos wrote:
> It depends on the threat model which is worse.
>
> If you're worried about the Chinese govt inserting malicious packages
> to track dissidents then using a universally accepted SSL cert is a
> bad idea. It's easy for a powerful and motivated attacker to get
> arbitrary certs signed.
>
> If you think that the risk of having the certificate stolen, loss of
> administrative control, etc. is a bigger threat, then a universally
> accepted SSL cert seems the wiser outcome.
>
> Of course, if distutils and other tools don't check certs, etc. this
> is all academic...

I think it has more to do with being user friendly than anything else.
A casual user seeing the Firefox warning about an untrusted connection
is likely going to revert to using the unsecure HTTP connection rather
than accepting an exception to get a secure HTTPS one.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source (#1, Jun 04 2011)

_______________________________________________
Catalog-SIG mailing list
Catalog-SIG@python.org
http://mail.python.org/mailman/listinfo/catalog-sig