Donald Stufft <don...@stufft.io> wrote: > I said ?meaningful?. Almost nobody is going to ever bother googling it and > the likelihood that someone is able to MITM *you* specifically is far lesser > than the likelihood that someone is going to MITM one of the cdecimal users.
I'm doing this for important installs. -- That is how I installed qmail and djbdns. > Additionally your messages aren?t signed and email isn?t an authenticated > profile so if someone was able to get your password they could simply spoof > and email from you to the mailing list with new hashes, or edit out the > description > telling people to go google some stuff. Signing messages is pointless if the key isn't well connected. Also, I'm reading the lists and would notice a "release". Most importantly, the checksum mismatch would still be found, since the old messages with the correct sum would still exist under the scenario we're talking about (i.e. not GHCQ hacking into Belgacom routers). Stefan Krah _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
