[Catalog-sig] Mandatory Reset of PyPI Passwords
Antoine Pitrou
solipsis at pitrou.net
Wed Feb 13 20:42:22 CET 2013
Donald Stufft <donald.stufft <at> gmail.com> writes:
>
> There's no way to determine if users have changed their password. The passlib
> branch will be deployed with automatic migration upon logging in turned off.
So why is the automatic migration turned off? Why not migrate everything
at once as originally proposed?
What's the point of deliberately keeping weak hashes in the database?
Regards
Antoine.
More information about the Catalog-SIG
mailing list