Comment 5 for bug 1015477

Donald Stufft (dstufft) wrote :

Hello there,

I've never particularly engaged with the Linux distro, much less the Ubuntu, packaging process, so forgive me if I'm doing this wrong.

I'm a pip maintainer and I would like to get this fixed in Ubuntu. I see that saucy has pip 1.4.1, raring has 1.3.1, quantal has 1.1, precise has 1.0, and lucid has 0.3.1. This means that the fix is already in place for saucy and raring, but that using pip in quantal, precise, and lucid essentially allows someone in a position to MITM traffic to execute arbitrary Python code (ref CVE-2013-1629).

So I'm not sure what the options are for fixing this; the easiest, from my point of view, is to upgrade any version of pip pre-1.3 to at least pip 1.3 so that it gets TLS verification and folks are safer when using pip. Is this an option?
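As an added example (not code from the commenter, from pip, or from Ubuntu), the check an administrator would run to see whether a given box is still exposed: it parses `pip --version` output, compares against the 1.3 threshold the comment gives, lists the releases from the comment's version table that fall below it, and shows the verified SSL context a fixed client is expected to use. The sample `pip --version` line is constructed; the release-to-version table is copied from the comment above.

```python
"""Flag pip installs that predate TLS certificate verification (pip < 1.3).

Added example for this bug thread; not the commenter's or pip's own code.
The threshold and the per-release versions come from the comment above;
the sample `pip --version` output is constructed for illustration.
"""
import re
import ssl

# pip versions shipped per Ubuntu release, as listed in the comment.
PIP_PER_RELEASE = {
    "saucy": "1.4.1",
    "raring": "1.3.1",
    "quantal": "1.1",
    "precise": "1.0",
    "lucid": "0.3.1",
}

# First pip release that verifies TLS certificates, per the comment.
TLS_VERIFYING_SINCE = (1, 3)

# Constructed sample of `pip --version` output from an affected machine.
SAMPLE_OUTPUT = "pip 1.0 from /usr/lib/python2.7/dist-packages (python 2.7)"


def parse_version(version: str) -> tuple:
    """Turn '1.4.1' into (1, 4, 1); a non-numeric suffix such as 'rc1' is dropped."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def pip_verifies_tls(version: str) -> bool:
    """True when this pip version is at or past the TLS-verifying threshold."""
    return parse_version(version) >= TLS_VERIFYING_SINCE


def version_from_pip_output(output: str) -> str:
    """Extract the version string from `pip --version` output."""
    m = re.match(r"pip\s+(\S+)", output.strip())
    if not m:
        raise ValueError("unrecognised pip --version output: %r" % output)
    return m.group(1)


def affected_releases(table=None) -> list:
    """Releases whose shipped pip does not verify TLS and so remain exposed to MITM."""
    table = PIP_PER_RELEASE if table is None else table
    return [name for name, ver in table.items() if not pip_verifies_tls(ver)]


def verifying_context() -> ssl.SSLContext:
    """The context a fixed client should use: CA-validated and hostname-checked."""
    return ssl.create_default_context()


if __name__ == "__main__":
    found = version_from_pip_output(SAMPLE_OUTPUT)
    print("pip %s verifies TLS: %s" % (found, pip_verifies_tls(found)))
    print("releases still shipping a non-verifying pip:", affected_releases())
```

Running this on a real host means feeding it the actual `pip --version` output instead of `SAMPLE_OUTPUT`; the release table only restates what the comment reports and should be refreshed from the archive before being relied on.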