[pydotorg-www] PyPI security notice
Ian Mackey
iwm21 at cam.ac.uk
Sat Feb 16 09:23:22 CET 2013
I went through the procedure more than once and have received nothing on my e-mail account.
How long might I have to wait
---
Ian Mackey Network Services Manager
University Computing Service - University of Cambridge
New Museums Site Pembroke Street Cambridge CB2 3QH
Tel:[+44/0]1223 768963 e-mail: iwm21 at cam.ac.uk
On 15 Feb 2013, at 01:23, richard at python.org wrote:
>
> TL;DR: please log into PyPI and change your password.
>
> Dear PyPI user iwm21,
>
> Recently we have been auditing and improving security of the Python Package
> Index (PyPI) and other python.org hosts.
>
> You may be aware that the wiki.python.org host was compromised. Since we must
> assume that all passwords stored in that system are also compromised, and we
> also assume that some users share passwords between python.org systems, I will
> be performing a password reset of all PyPI accounts in one week's time, at
> 2013-02-22 00:00 UTC.
>
> If you log in before that deadline and change your password then you'll be
> fine, otherwise you'll need to use the password recovery form after the reset
> has occurred.
>
> Additionally, I ask you to begin to access PyPI using HTTPS through the web.
> We're in the process of installing a new SSL certificate so the current Big Red
> Certificate Warning should go away very soon.
>
> We are in the process of updating the Python packaging toolset to use HTTPS.
>
> These steps are but a couple of those we're intending to take to better secure
> PyPI. If you are interested in these matters I encourage you to participate in
> the discussion on the catalog SIG:
>
> http://mail.python.org/mailman/listinfo/catalog-sig
>
> Finally, I apologise for any inconvenience these changes have caused.
>
>
> Richard Jones <richard at python.org>
> PyPI Maintainer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130216/a3bb3b77/attachment.html>
More information about the pydotorg-www
mailing list