[Python-Dev] SSL certificates recommendations for downstreampython packagers
Stephen J. Turnbull
turnbull.stephen.fw at u.tsukuba.ac.jp
Wed Feb 1 22:38:23 EST 2017
More information about the Python-Dev mailing list
Wed Feb 1 22:38:23 EST 2017
- Previous message (by thread): [Python-Dev] SSL certificates recommendations for downstreampython packagers
- Next message (by thread): [Python-Dev] SSL certificates recommendations for downstreampython packagers
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Cory Benfield writes: > The TL;DR is: I understand Christian’s concern, but I don’t think > it’s important if you’re very, very careful. But AIUI, the "you" above is the end-user or admin of end-user's system, no? We know that they aren't very careful (or perhaps more accurate, this is too fsckin' complicated for anybody but an infosec expert to do very well). I[1] still agree with you that it's *unlikely* that end-users/admins will need to worry about it. But we need to be really careful about what we say here, or at least where the responsible parties will be looking. Thanks to all who are contributing so much time and skull sweat on this. This is insanely hard, but important. Footnotes: [1] Infosec wannabe, I've thought carefully but don't claim real expertise.
- Previous message (by thread): [Python-Dev] SSL certificates recommendations for downstreampython packagers
- Next message (by thread): [Python-Dev] SSL certificates recommendations for downstreampython packagers
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list