On 8/21/2014 7:25 PM, Nick Coghlan wrote:
<mailto:benjamin@python.org>> wrote:
>
> Perhaps some board members could comment, but I hope the PSF could just
> pay a few hundred a year for a proper certificate.
That's exactly what we're doing - MAL reminded me we reached the same
conclusion last time this came up, we'll just track it better this time
to make sure it doesn't slip through the cracks again.
(And yes, switching to forced HTTPS once this is addressed would also be
a good idea - we'll add it to the list)
I just switched from a 'low variety' short password of the sort almost crackable with brute force (today, though not several years ago) to a higher variety longer password. People with admin privileges on the tracker might be reminded to recheck. What was adequate 10 years ago is not so now.
--
Terry Jan Reedy
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: https://mail.python.org/mailman/options/python-dev/gokoproject%40gmail.com