[openstack-dev] [Horizon] the future of angularjs development in Horizon

Jeremy Stanley fungi at yuggoth.org
Fri Nov 14 19:39:33 UTC 2014

On 2014-11-15 02:57:15 +0800 (+0800), Thomas Goirand wrote:
> Do you realize that with the TLS system, you have to trust every
> and all CA, while with PGP, you only need to trust a single
> fingerprint?

Technically not true *if* the package retrieval tools implement
certificate pinning rather than trusting any old CA (after all,
they're not Web browsers, so they could in theory do that with
minimal impact).

Too bad https://github.com/pypa/pip/issues/1168 hasn't gotten much
Jeremy Stanley

More information about the OpenStack-dev mailing list