[Catalog-sig] HTTPS now promoted on PyPI

Richard Jones r1chardj0n3s at gmail.com
Wed Feb 20 03:52:29 CET 2013


On 20 February 2013 09:47, Richard Jones <r1chardj0n3s at gmail.com> wrote:
> On 20 February 2013 09:08, PJ Eby <pje at telecommunity.com> wrote:
>> On Tue, Feb 19, 2013 at 8:35 AM, Giovanni Bajo <rasky at develer.com> wrote:
>>> I would be OK with redirecting for browsers (matching the user agent for
>>> instance), but I would try to disable for tools as much as possible.
>>
>> Matching paths is an option, too: the /simple index is intended for
>> tools, and the main /pypi index for humans.
>
> I'll wait to hear back what the situation is with the overloaded Stud.
> I'll then look at staged switchover starting with /pypi.

I understand this has been addressed. I will now look at switching
/pypi HTTPS redirection back on, but leave /packages etc. alone for
now.


> I still need
> to look into how/why the OpenID /id functionality broke (and whether
> /oauth also broke.)

I believe the OpenID functionality works correctly using HTTPS now. I
believe OAuth was OK.


     Richard


More information about the Catalog-SIG mailing list