[python-committers] [RELEASED] Python 3.2.4 rc 1 and Python 3.3.1 rc 1

2013-03-25 Thread Georg Brandl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On behalf of the Python development team, I am pleased to announce the first release candidates of Python 3.2.4 and 3.3.1. Python 3.2.4 will be the last regular maintenance release for the Python 3.2 series, while Python 3.3.1 is the first maintenance

Re: [python-committers] SSH fingerprint

2013-03-25 Thread Antoine Pitrou
>> We have new contributors (who don't have a pre-existing key) use RSA: >> http://docs.python.org/devguide/faq.html#id1 . > > I was trying to avoid a man-in-the-middle attack by verifying the > server's key fingerprint. Those server fingerprints should be documented. Well if a MITM attacker trie

Re: [python-committers] SSH fingerprint

2013-03-25 Thread R. David Murray
Note that I believe ECDSA is now the default for host keys for OpenSSH. At the least, my systems (Gentoo) switched to them after an upgrade a a bit a go. --David On Mon, 25 Mar 2013 13:29:48 +0100, Christian Heimes wrote: > Am 25.03.2013 05:51, schrieb Jeffrey Yasskin: > > You missed that ECDSA

Re: [python-committers] SSH fingerprint

2013-03-25 Thread Roger Serwy
We have new contributors (who don't have a pre-existing key) use RSA: http://docs.python.org/devguide/faq.html#id1 . I was trying to avoid a man-in-the-middle attack by verifying the server's key fingerprint. Those server fingerprints should be documented.

Re: [python-committers] SSH fingerprint

2013-03-25 Thread Christian Heimes
Am 25.03.2013 05:51, schrieb Jeffrey Yasskin: > You missed that ECDSA != DSA. Yeah, Elliptic Curve DSA is as secure as RSA while using much shorter keys. ECDSA verification used to be much slower so you may want to prefer RSA for short time connections like hg pull and push. Christian ___

Re: [python-committers] SSH fingerprint

2013-03-25 Thread Brett Cannon
On Mon, Mar 25, 2013 at 1:26 AM, Ned Deily wrote: > > On Mar 24, 2013, at 21:51 , Jeffrey Yasskin wrote: > > > You missed that ECDSA != DSA. > > > Good! Someone is paying attention. :=) Should we all be preferring one > for pydev work? We have new contributors (who don't have a pre-existing k