Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from http://mail.python.org/pipermail/python-dev/2014-September/136152.html below:

Enabling certificate validation by default!

• Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
• Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 01.09.2014 17:35, Nick Coghlan wrote:
> Oh, now I get what you mean - yes, sitecustomize already poses the same
> kind of problem as the proposed sslcustomize (hence the existence of the
> related command line options).

If an attacker is able to place a module like sitecustomize.py in an
import directory or any .pth file in a site-packages directory than this
Python installation is compromised. .pth files are insidious because
they are always loaded and their code is always executed. I don't see
how sslcustomize is going to make a difference here.

• Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
• Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4