Jesús Cea Avión added the comment: Python 2.6 can get remote certificate and compute a hash of it, and compare that hash with a known fingerprint. This is what mercurial does.
No proper certificate chain, but secure as far as the PYPI certificate doesn't change. This would be not a "final" solution, but it is a tiny patch and far safer than current approach. Then cross fingers for PYPI certificate stability :-). ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue17121> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
