[prev in list] [next in list] [prev in thread] [next in thread] 

List:       python-dev
Subject:    Re: [Python-Dev] Sniffing passwords from PyPI using insecure
From:       Terry Reedy <tjreedy () udel ! edu>
Date:       2011-05-31 19:05:29
Message-ID: is3e5o$qou$1 () dough ! gmane ! org
[Download RAW message or body]

On 5/31/2011 1:04 PM, anatoly techtonik wrote:
> Hi,
>
> I'd like to escalate http://bugs.python.org/issue12226 : 'use secured
> channel for uploading packages to pypi' to be shipped with next Python
> 2.6+
> This will prevent pydotorg password sniffing when submitting packages
> through public networks (such as hotels).

The requested one character change is
-    DEFAULT_REPOSITORY = 'http://pypi.python.org/pypi'
+    DEFAULT_REPOSITORY = 'https://pypi.python.org/pypi'

If Tarek (or perhaps Eric) agree that it is appropriate and otherwise 
innocuous, then Martin and Barry can decide whether to include in 2.5/2.6.

Terry Jan Reedy

_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/python-dev%40progressive-comp.com
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic