anatoly techtonik <techto...@gmail.com> added the comment: On Wed, Jun 1, 2011 at 10:30 AM, Stefan Krah <rep...@bugs.python.org> wrote: > >> Distutils doesn't validate PyPI server certificate, so this change >> doesn't prevent from MITM attacks, but at least it makes package >> submissions over wireless channels and public networks safer. > > Is that so? It's been a while, but I think e.g. ettercap is a highly > automated tool for MITM attacks that isn't very hard to use.
This patch won't help against properly baited ettercap, but will prevent transit sniffing of weakly protected passwords. -- anatoly t. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue12226> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
