[Catalog-sig] Pull request to migrate PyPI to bcrypt

[Christian Heimes]

Am 11.02.2013 13:26, schrieb M.-A. Lemburg:
> Why not leave the decision to change the password to the PyPI users
> and only do a blog post and perhaps have a banner on PyPI to notify
> them ?
> 
> After all, unlike for the wiki installation, the PyPI passwords were
> not compromised.

It depends on your level of paranoia. Technically they are potentially
compromised. The passwords were and are still transmitted over
non-encrypted HTTP connections. </nitpicking>