New submission from Christian Heimes: In the light of Ruby's recent issues and man in the middle attacks on PyPI (http://www.reddit.com/r/Python/comments/17rfh7/warning_dont_use_pip_in_an_untrusted_network_a/) we should include secure uploads in distutils.
Martin has created a SSH uploader for distutils http://pypi.python.org/pypi/pypissh. I suggest that we include the feature in the next security update for Python 2.6 to 3.3. I'm well aware that this beats the "no new feature" clause but in my opinion "security beats purity". What do you think? ---------- assignee: eric.araujo components: Distutils messages: 181313 nosy: christian.heimes, eric.araujo, gregory.p.smith, gvanrossum, loewis, pitrou, tarek priority: critical severity: normal stage: needs patch status: open title: SSH upload for distutils type: security versions: Python 2.6, Python 2.7, Python 3.2, Python 3.3, Python 3.4 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue17121> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
