[pydotorg-www] PyPI security notice

Ian Mackey iwm21 at cam.ac.uk
Sat Feb 16 09:23:22 CET 2013 

I went through the procedure more than once and have received nothing on my e-mail account.

How long might I have to wait 

---
Ian Mackey                     Network Services Manager
University Computing Service -  University of Cambridge
New Museums Site   Pembroke Street  Cambridge   CB2 3QH
Tel:[+44/0]1223 768963          e-mail: iwm21 at cam.ac.uk



On 15 Feb 2013, at 01:23, richard at python.org wrote:

> 
> TL;DR: please log into PyPI and change your password.
> 
> Dear PyPI user iwm21,
> 
> Recently we have been auditing and improving security of the Python Package
> Index (PyPI) and other python.org hosts.
> 
> You may be aware that the wiki.python.org host was compromised. Since we must
> assume that all passwords stored in that system are also compromised, and we
> also assume that some users share passwords between python.org systems, I will
> be performing a password reset of all PyPI accounts in one week's time, at
> 2013-02-22 00:00 UTC.
> 
> If you log in before that deadline and change your password then you'll be
> fine, otherwise you'll need to use the password recovery form after the reset
> has occurred.
> 
> Additionally, I ask you to begin to access PyPI using HTTPS through the web.
> We're in the process of installing a new SSL certificate so the current Big Red
> Certificate Warning should go away very soon.
> 
> We are in the process of updating the Python packaging toolset to use HTTPS.
> 
> These steps are but a couple of those we're intending to take to better secure
> PyPI. If you are interested in these matters I encourage you to participate in
> the discussion on the catalog SIG:
> 
> http://mail.python.org/mailman/listinfo/catalog-sig
> 
> Finally, I apologise for any inconvenience these changes have caused.
> 
> 
>    Richard Jones <richard at python.org>
>    PyPI Maintainer

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130216/a3bb3b77/attachment.html>

More information about the pydotorg-www mailing list