[Catalog-sig] HTTPS now promoted on PyPI

Nick Coghlan ncoghlan at gmail.com
Tue Feb 19 08:25:36 CET 2013


On Tue, Feb 19, 2013 at 3:13 PM, Richard Jones <r1chardj0n3s at gmail.com> wrote:
> Hi all,
>
> I've just altered the nginx configuration to promote (ie. redirect to)
> HTTPS for all GET/HEAD requests. This includes HSTS, but I've set the
> lifetime to 1 day just in case there's some HTTPS compatibility
> issues. Once it's bedded down I'll bump it to a year.
>
> I looked into distutils, but since it uses urllib and urllib just
> raises an error on 307 redirects we're a little stymied as to what we
> can actually do for POSTs for it...
>
> We really need to fix distutils to replace the HTTP URL with HTTPS and
> handle .pypirc issues. At this point I believe our options are:
>
> 1. live with it,
> 2. incorporate some monkey-patching into distribute and setuptools and
> promote those,
> 3. write a stand-alone uploader (or add such functionality to pip)
> which can monkey-patch distutils,
> 4. fix distutils (and accept a long lead time to actual impact), or

I suggest getting in touch with Benjamin Petersen and Georg Brandl
ASAP (e.g. through a release blocker for 2.7 and 3.3 on the issue
tracker), as Python 2.7.4 and Python 3.3.1 are planned for this month.

Regards,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia
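
The 307-on-POST failure mentioned in the quoted message, as an added example that is not part of the thread and is not distutils or PyPI code: Python 3's `urllib.request` still raises `HTTPError` when a POST receives a 307, and this handler re-sends the body only when the redirect is an http-to-https upgrade of the same host. The class name `HTTPSUpgradeRedirectHandler`, the helper `make_opener` and the `pypi.example` host are hypothetical.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit


class HTTPSUpgradeRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Follow a 307 for POST only when it upgrades http -> https on the same host.

    Hypothetical helper: the stock handler refuses every 307 on POST, which is
    the safe default because the body (and any credentials) would be replayed.
    """

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        if code == 307 and req.get_method() == "POST":
            old, new = urlsplit(req.full_url), urlsplit(newurl)
            same_host_upgrade = (
                old.scheme == "http"
                and new.scheme == "https"
                and old.hostname == new.hostname
                and new.port in (None, 443)
            )
            if same_host_upgrade:
                # Replay the caller's body and headers (e.g. Authorization),
                # now over TLS. Host and Content-Length are recomputed by urllib.
                return urllib.request.Request(
                    newurl,
                    data=req.data,
                    headers=dict(req.headers),
                    origin_req_host=req.origin_req_host,
                    unverifiable=True,
                    method="POST",
                )
            # Any other target (different host, plain http) is refused so the
            # POST body never leaves the original host or an encrypted channel.
            raise urllib.error.HTTPError(
                req.full_url, code,
                "refusing to re-send POST body to " + newurl, headers, fp)
        # GET/HEAD and all other codes keep the standard library behaviour.
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def make_opener():
    """Opener whose redirect handling is replaced by the class above."""
    return urllib.request.build_opener(HTTPSUpgradeRedirectHandler())
```

Note that the first request still travels over plain HTTP before the redirect arrives, so the handler is a stopgap; changing the configured repository URL to HTTPS is what keeps credentials off the wire.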

