[Python-Dev] Thoughts fresh after EuroPython (original) (raw)
geremy condra debatem1 at gmail.com
Mon Jul 26 14:10:02 CEST 2010
- Previous message: [Python-Dev] Thoughts fresh after EuroPython
- Next message: [Python-Dev] Thoughts fresh after EuroPython
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Jul 26, 2010 at 4:52 AM, Tarek Ziadé <ziade.tarek at gmail.com> wrote:
On Mon, Jul 26, 2010 at 1:20 PM, geremy condra <debatem1 at gmail.com> wrote:
On Mon, Jul 26, 2010 at 4:02 AM, Tarek Ziadé <ziade.tarek at gmail.com> wrote:
On Sat, Jul 24, 2010 at 4:08 PM, Guido van Rossum <guido at python.org> wrote:
Mirroring apparently also requires some client changes. Mirrors can be used as long as you manually point a mirror when using them. We we are working on making the switch automatic. I think we've talked briefly about this before, but let me reiterate that getting this right from a security point of view is quite a bit harder than it at first appears, and IMHO it is worth getting right. FWIW, Martin has added a section about mirror authenticity in the PEP: http://www.python.org/dev/peps/pep-0381/#mirror-authenticity
This is more-or-less what was discussed earlier, and from what's described here I think the concerns I voiced stand. What's the right way to do disclosure on this sort of issue?
Geremy Condra
- Previous message: [Python-Dev] Thoughts fresh after EuroPython
- Next message: [Python-Dev] Thoughts fresh after EuroPython
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]