[Catalog-sig] Mandatory Reset of PyPI Passwords
Noah Kantrowitz
noah at coderanger.net
Tue Feb 12 22:08:58 CET 2013
If this is going to be system wide we should check against and/or reset roundup and any local passwords and dinsdale and albatross.
Jacob Kaplan-Moss <jacob at jacobian.org> wrote:
>On Tue, Feb 12, 2013 at 6:31 AM, Donald Stufft
><donald.stufft at gmail.com> wrote:
>> Since the wiki.python.org database was likely compromised and it was
>using a
>> weak
>> hash we should probably assume that all passwords in there have been
>leaked.
>> Because
>> of this I want to formally propose that PyPI reset it's passwords.
>
>I agree -- please do, sooner rather than later.
>
>If I was the Benevolent Ops Person for PyPI I would reset them
>immediately and deal with the fallout. But I'm not the one who'd get
>angry emails, so any amount of grace period that Richard/MvL/etc won't
>get any argument from me.
>
>Jacob
>_______________________________________________
>Catalog-SIG mailing list
>Catalog-SIG at python.org
>http://mail.python.org/mailman/listinfo/catalog-sig
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20130212/29ab260a/attachment.html>
More information about the Catalog-SIG
mailing list