[Catalog-sig] Mandatory Reset of PyPI Passwords
Jacob Kaplan-Moss
jacob at jacobian.org
Tue Feb 12 19:10:49 CET 2013
On Tue, Feb 12, 2013 at 6:31 AM, Donald Stufft <donald.stufft at gmail.com> wrote:
> Since the wiki.python.org database was likely compromised and it was using a
> weak hash we should probably assume that all passwords in there have been
> leaked. Because of this I want to formally propose that PyPI reset its
> passwords.
I agree -- please do, sooner rather than later.
If I was the Benevolent Ops Person for PyPI I would reset them
immediately and deal with the fallout. But I'm not the one who'd get
angry emails, so any amount of grace period that Richard/MvL/etc won't
get any argument from me.
Jacob