On Monday, February 4, 2013 at 8:31 AM, Giovanni Bajo wrote:
> Not that I'm against it doing it on the server side for now, anyway. It'll
> still be useful to users manually browsing to PyPI.

This is where it's important. If you're capable of MITM'ing pip you're capable of MITM'ing a web browser. It would not be a fun day if a password (or session cookie) got stolen via a MITM because someone signed on in a coffee shop (or at PyCon etc).
