[Distutils] PyPI Migrated to New Infrastructure with some Breakage
Donald Stufft
donald at stufft.io
Mon Jan 27 13:31:52 CET 2014
On Jan 27, 2014, at 7:28 AM, Alex Clark <aclark at aclark.net> wrote:
> Donald Stufft <donald <at> stufft.io> writes:
>
>>
>>
>>
>> Just a follow up.
>> - OAuth is busted
>>
>>
>> These two issues existed prior to the migration as far as I can tell.
>
> Correct. We've discussed Oauth in IRC and this ticket has existed since late
> last year:
>
> -
> https://bitbucket.org/pypa/pypi/issue/85/oauth-authorise-not-found-https-must-be
>
> I'm bringing it up now because I'm still interested in seeing it fixed. IIUC
> MvL correctly, it happened around the time of the CDN switch.
>
> In any event, there is a portion of traffic going to/from PyPI unencrypted
> and PyPI needs it to be encrypted. This leads to the confusing error message
> when trying to do OAuth over "https". You talk https to the end point, and
> the end point (seemingly) responds "I need this to be https”.
It’s very unlikely for something to happen over not HTTPS now. The backend
servers for PyPI do not offer a non HTTPS port, and Fastly has a blanket
HTTP -> HTTPS redirect. Most likely the issue is just that PyPI isn’t realizing
that it’s being accessed via HTTPS.
>
>
>
> _______________________________________________
> Distutils-SIG maillist - Distutils-SIG at python.org
> https://mail.python.org/mailman/listinfo/distutils-sig
-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20140127/9f536d1c/attachment.sig>
More information about the Distutils-SIG
mailing list