[prev in list] [next in list] [prev in thread] [next in thread]
List: python-dev
Subject: Re: [Python-Dev] Sniffing passwords from PyPI using insecure
From: Terry Reedy <tjreedy () udel ! edu>
Date: 2011-05-31 19:05:29
Message-ID: is3e5o$qou$1 () dough ! gmane ! org
[Download RAW message or body]
On 5/31/2011 1:04 PM, anatoly techtonik wrote:
> Hi,
>
> I'd like to escalate http://bugs.python.org/issue12226 : 'use secured
> channel for uploading packages to pypi' to be shipped with next Python
> 2.6+
> This will prevent pydotorg password sniffing when submitting packages
> through public networks (such as hotels).
The requested one character change is
- DEFAULT_REPOSITORY = 'http://pypi.python.org/pypi'
+ DEFAULT_REPOSITORY = 'https://pypi.python.org/pypi'
If Tarek (or perhaps Eric) agree that it is appropriate and otherwise
innocuous, then Martin and Barry can decide whether to include in 2.5/2.6.
Terry Jan Reedy
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/python-dev%40progressive-comp.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic