[Distutils] PyPI Migrated to New Infrastructure with some Breakage
donald at stufft.io
Mon Jan 27 13:31:52 CET 2014
On Jan 27, 2014, at 7:28 AM, Alex Clark <aclark at aclark.net> wrote:
> Donald Stufft <donald <at> stufft.io> writes:
>> Just a follow up.
>> - OAuth is busted
>> These two issues existed prior to the migration as far as I can tell.
> Correct. We've discussed Oauth in IRC and this ticket has existed since late
> last year:
> I'm bringing it up now because I'm still interested in seeing it fixed. IIUC
> MvL correctly, it happened around the time of the CDN switch.
> In any event, there is a portion of traffic going to/from PyPI unencrypted
> and PyPI needs it to be encrypted. This leads to the confusing error message
> when trying to do OAuth over "https". You talk https to the end point, and
> the end point (seemingly) responds "I need this to be https”.
It’s very unlikely for something to happen over not HTTPS now. The backend
servers for PyPI do not offer a non HTTPS port, and Fastly has a blanket
HTTP -> HTTPS redirect. Most likely the issue is just that PyPI isn’t realizing
that it’s being accessed via HTTPS.
> Distutils-SIG maillist - Distutils-SIG at python.org
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Distutils-SIG