From antoine:
"""
Hostname matching is backported in
http://pypi.python.org/pypi/backports.ssl_match_hostname/

Regards

Antoine.
"""

On Tuesday, February 12, 2013 at 1:36 PM, PJ Eby wrote:
> On Sat, Feb 9, 2013 at 7:54 PM, Giovanni Bajo <[email protected]> wrote:
> > The problem with this approach is that Python standard library does not
> > validate SSL certificates. So even if you force a urllib-based tool to
> > access PyPI through https, it doesn't help at all in case of a MITM attack.
>
> FWIW, if someone provides a suitable *cross-platform* urllib
> monkeypatch that does certificate validation, even if it only
> validates PyPI's certificate, I'll add it to setuptools and issue a
> patch release that uses it, and has its default index URL updated to
> the https version.
> _______________________________________________
> Catalog-SIG mailing list
> [email protected]
> http://mail.python.org/mailman/listinfo/catalog-sig
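
The hostname check referred to in the message above, as an added example that is not part of the thread and is not the code of backports.ssl_match_hostname: it covers DNS names only and runs against a constructed `getpeercert()`-style dictionary. The function names, the sample certificate and the refusal of `*.tld` wildcards are assumptions of this example.

```python
import ssl

# Constructed getpeercert()-style dict; names use the reserved .example TLD.
SAMPLE_CERT = {
    "subject": ((("commonName", "old-name.example"),),),
    "subjectAltName": (("DNS", "pypi.example"), ("DNS", "*.pypi.example")),
}

def dnsname_matches(pattern, hostname):
    """Compare one DNS name from a certificate with the requested hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False              # a wildcard never spans several labels
    if p[1:] != h[1:]:
        return False              # everything right of the first label is literal
    if p[0] == "*":
        return len(p) > 2         # conservative choice here: refuse "*.tld"
    return p[0] == h[0]

def cert_matches(cert, hostname):
    """True if an already chain-verified certificate names this hostname."""
    if not cert:
        # getpeercert() returns {} when the peer was not validated (CERT_NONE)
        raise ValueError("no validated certificate; require CERT_REQUIRED")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # commonName is consulted only when the certificate has no DNS SANs
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return any(dnsname_matches(n, hostname) for n in names)

def require_match(cert, hostname):
    """Raise like the ssl module does, so callers cannot ignore a mismatch."""
    if not cert_matches(cert, hostname):
        raise ssl.CertificateError("certificate is not valid for %r" % hostname)

if __name__ == "__main__":
    for host in ("pypi.example", "www.pypi.example", "a.b.pypi.example",
                 "old-name.example", "evil.example"):
        print(host, cert_matches(SAMPLE_CERT, host))
```

Current Python releases perform this check inside the ssl module when `SSLContext.check_hostname` is enabled, which `ssl.create_default_context()` does by default.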
