[pydotorg-www] PyPI security notice

Anthony Baxter anthonybaxter at gmail.com
Wed Feb 20 10:45:34 CET 2013 

Check your spam folder.
On Feb 16, 2013 7:41 PM, "Ian Mackey" <iwm21 at cam.ac.uk> wrote:

> I went through the procedure more than once and have received nothing on
> my e-mail account.
>
> How long might I have to wait
>
> ---
> Ian Mackey                     Network Services Manager
> University Computing Service -  University of Cambridge
> New Museums Site   Pembroke Street  Cambridge   CB2 3QH
> Tel:[+44/0]1223 768963          e-mail: iwm21 at cam.ac.uk
>
>
>
> On 15 Feb 2013, at 01:23, richard at python.org wrote:
>
>
> TL;DR: please log into PyPI and change your password.
>
> Dear PyPI user iwm21,
>
> Recently we have been auditing and improving security of the Python Package
> Index (PyPI) and other python.org hosts.
>
> You may be aware that the wiki.python.org host was compromised. Since we
> must
> assume that all passwords stored in that system are also compromised, and
> we
> also assume that some users share passwords between python.org systems, I
> will
> be performing a password reset of all PyPI accounts in one week's time, at
> 2013-02-22 00:00 UTC.
>
> If you log in before that deadline and change your password then you'll be
> fine, otherwise you'll need to use the password recovery form after the
> reset
> has occurred.
>
> Additionally, I ask you to begin to access PyPI using HTTPS through the
> web.
> We're in the process of installing a new SSL certificate so the current
> Big Red
> Certificate Warning should go away very soon.
>
> We are in the process of updating the Python packaging toolset to use
> HTTPS.
>
> These steps are but a couple of those we're intending to take to better
> secure
> PyPI. If you are interested in these matters I encourage you to
> participate in
> the discussion on the catalog SIG:
>
> http://mail.python.org/mailman/listinfo/catalog-sig
>
> Finally, I apologise for any inconvenience these changes have caused.
>
>
>    Richard Jones <richard at python.org>
>    PyPI Maintainer
>
>
>
> _______________________________________________
> pydotorg-www mailing list
> pydotorg-www at python.org
> http://mail.python.org/mailman/listinfo/pydotorg-www
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130220/775159db/attachment.html>

More information about the pydotorg-www mailing list