Stefan Krah <stefan-use...@bytereef.org> added the comment: I think there should be a warning that the connection is unauthenticated (i.e. not secure). Users tend to be upset if they see 'https' and later find out that no certificates were verified.
A reasonably secure alternative is to publish the pypi server certificate in a couple of places (python-dev, www.python.org). Then the user can import the certificate into the browser while on a trusted connection and henceforth do all uploading etc. via the browser. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue12226> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
