[Distutils] PyPI Migrated to New Infrastructure with some Breakage

Donald Stufft donald at stufft.io
Mon Jan 27 13:31:52 CET 2014

On Jan 27, 2014, at 7:28 AM, Alex Clark <aclark at aclark.net> wrote:

> Donald Stufft <donald <at> stufft.io> writes:
>> Just a follow up.
>> - OAuth is busted
>> These two issues existed prior to the migration as far as I can tell.
> Correct. We've discussed Oauth in IRC and this ticket has existed since late
> last year:
> -
> https://bitbucket.org/pypa/pypi/issue/85/oauth-authorise-not-found-https-must-be
> I'm bringing it up now because I'm still interested in seeing it fixed. IIUC
> MvL correctly, it happened around the time of the CDN switch.
> In any event, there is a portion of traffic going to/from PyPI unencrypted
> and PyPI needs it to be encrypted. This leads to the confusing error message
> when trying to do OAuth over "https". You talk https to the end point, and
> the end point (seemingly) responds "I need this to be https”.

It’s very unlikely for something to happen over not HTTPS now. The backend
servers for PyPI do not offer a non HTTPS port, and Fastly has a blanket
HTTP -> HTTPS redirect. Most likely the issue is just that PyPI isn’t realizing
that it’s being accessed via HTTPS.

> _______________________________________________
> Distutils-SIG maillist  -  Distutils-SIG at python.org
> https://mail.python.org/mailman/listinfo/distutils-sig

Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20140127/9f536d1c/attachment.sig>

More information about the Distutils-SIG mailing list