Well if a MITM attacker tries to use your ssh access to do anything nasty,
another developer will probably notice quite quickly.
(the only "nasty thing" the ssh access allows you to do is "hg push",
IIRC; still, that can trigger code execution on the buildbots)
Sure, but it would be better to actually have the fingerprints to avoid
the MITM attack altogether.
Can someone log into hg.python.org and get the public keys for the server?
_______________________________________________
python-committers mailing list
python-committers@python.org
http://mail.python.org/mailman/listinfo/python-committers
