From paul at boddie.org.uk  Tue Sep  3 01:50:34 2013
From: paul at boddie.org.uk (Paul Boddie)
Date: Tue, 3 Sep 2013 01:50:34 +0200
Subject: [pydotorg-www] Wiki Spam and Maintenance
Message-ID: <201309030150.34975.paul@boddie.org.uk>

Hello,

I'm not sure whether anyone noticed, but for most of August I wasn't doing any 
Python Wiki maintenance, so I'd like to thank those people who stepped in and 
tried to keep the wiki free of spam. As those unfortunate people realised, 
removing spam can take up considerable amounts of time that could be spent on 
other things.

Spam prevention can be a difficult trick to pull off: the MoinMoin Wiki 
manages to do just fine, as does the Debian Wiki, it would seem. Meanwhile, 
other Moin wikis struggle to deal with the deluge of Internet spam, and this 
presumably frustrates both users and admins alike. Consequently, I have made 
an attempt at elementary advice on the matter:

http://sourceforge.net/mailarchive/message.php?msg_id=31345030

(I have also given advice for specific wikis in the past [*], but I have no 
idea whether this advice has been followed, especially given the current 
difficulties of such sites.)

I do not feel that the right balance is being maintained between the freedom 
to edit the Python Wiki and the need to demand that contributors be 
sufficiently trustworthy and knowledgeable in order to make edits. Since the 
threshold to make edits once one has registered an account remains too low, 
spammers are able to take advantage of our generosity of spirit.

It is unfortunate, then, that wiki maintainers do not enjoy the same level of 
accommodation enjoyed by spammers along with hypothetical wiki editors who 
would supposedly go to the trouble of creating a wiki account and making edits 
without being able to answer even the most elementary question about the 
nature of Python or its community. Although textcha support is enabled, we 
seem to be asking such casual contributors the wrong questions, and the cost 
of this is being borne by the wiki maintainers.

I would much rather be doing other things than clean up spam that probably 
could have been prevented through more effective use of the available 
mechanisms. My time and the time of others is being wasted so that other 
random people can merely avoid inconvenience. I do not regard this situation 
as a sustainable one, nor do I regard it as an acceptable way of treating 
those who have taken on such responsibility voluntarily.

Please can we review our anti-spam measures and implement a policy that does 
not take advantage of those volunteers who feel responsible for maintaining 
this resource? I appreciate the work done to revive and run this resource, but 
I feel that the patience of those maintaining it will eventually expire if 
something is not done about this.

Thanks,

Paul

[*] http://www.selenic.com/pipermail/mercurial/2010-May/032464.html

From mal at egenix.com  Tue Sep  3 13:18:43 2013
From: mal at egenix.com (M.-A. Lemburg)
Date: Tue, 03 Sep 2013 13:18:43 +0200
Subject: [pydotorg-www] Wiki moin logs are now rotated monthly
Message-ID: <5225C593.5010203@egenix.com>

Since the wiki VM is rather tight on disk space, I've enabled monthly
rotation of the moin event logs for all wikis.

A side effect of this change is that the page visits count in
moin will appear to be cleared once a month.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Sep 03 2013)
>>> Python Projects, Consulting and Support ...   http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________

::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

From mal at python.org  Tue Sep  3 14:03:39 2013
From: mal at python.org (M.-A. Lemburg)
Date: Tue, 03 Sep 2013 14:03:39 +0200
Subject: [pydotorg-www] Wiki Spam and Maintenance
In-Reply-To: <201309030150.34975.paul@boddie.org.uk>
References: <201309030150.34975.paul@boddie.org.uk>
Message-ID: <5225D01B.3000802@python.org>

Hi Paul,

I can understand your frustration. I've just removed several spam
pages and blocked spam user accounts in both the Python and Jython
wikis.

I also removed some of the too easy to guess textcha questions.

For the Jython wiki, I think we should consider turning off editing
for new users. There simply aren't enough edits from real users
(perhaps 1 or 2 a month).

For the Python wiki, the textchas still appear to work reasonably
well.


On 03.09.2013 01:50, Paul Boddie wrote:
> Hello,
> 
> I'm not sure whether anyone noticed, but for most of August I wasn't doing any 
> Python Wiki maintenance, so I'd like to thank those people who stepped in and 
> tried to keep the wiki free of spam. As those unfortunate people realised, 
> removing spam can take up considerable amounts of time that could be spent on 
> other things.
> 
> Spam prevention can be a difficult trick to pull off: the MoinMoin Wiki 
> manages to do just fine, as does the Debian Wiki, it would seem. Meanwhile, 
> other Moin wikis struggle to deal with the deluge of Internet spam, and this 
> presumably frustrates both users and admins alike. Consequently, I have made 
> an attempt at elementary advice on the matter:
> 
> http://sourceforge.net/mailarchive/message.php?msg_id=31345030
> 
> (I have also given advice for specific wikis in the past [*], but I have no 
> idea whether this advice has been followed, especially given the current 
> difficulties of such sites.)
> 
> I do not feel that the right balance is being maintained between the freedom 
> to edit the Python Wiki and the need to demand that contributors be 
> sufficiently trustworthy and knowledgeable in order to make edits. Since the 
> threshold to make edits once one has registered an account remains too low, 
> spammers are able to take advantage of our generosity of spirit.
> 
> It is unfortunate, then, that wiki maintainers do not enjoy the same level of 
> accommodation enjoyed by spammers along with hypothetical wiki editors who 
> would supposedly go to the trouble of creating a wiki account and making edits 
> without being able to answer even the most elementary question about the 
> nature of Python or its community. Although textcha support is enabled, we 
> seem to be asking such casual contributors the wrong questions, and the cost 
> of this is being borne by the wiki maintainers.
> 
> I would much rather be doing other things than clean up spam that probably 
> could have been prevented through more effective use of the available 
> mechanisms. My time and the time of others is being wasted so that other 
> random people can merely avoid inconvenience. I do not regard this situation 
> as a sustainable one, nor do I regard it as an acceptable way of treating 
> those who have taken on such responsibility voluntarily.
> 
> Please can we review our anti-spam measures and implement a policy that does 
> not take advantage of those volunteers who feel responsible for maintaining 
> this resource? I appreciate the work done to revive and run this resource, but 
> I feel that the patience of those maintaining it will eventually expire if 
> something is not done about this.
> 
> Thanks,
> 
> Paul
> 
> [*] http://www.selenic.com/pipermail/mercurial/2010-May/032464.html
> _______________________________________________
> pydotorg-www mailing list
> pydotorg-www at python.org
> http://mail.python.org/mailman/listinfo/pydotorg-www
> 

-- 
Marc-Andre Lemburg
Director
Python Software Foundation
http://www.python.org/psf/

From mal at egenix.com  Tue Sep  3 16:49:49 2013
From: mal at egenix.com (M.-A. Lemburg)
Date: Tue, 03 Sep 2013 16:49:49 +0200
Subject: [pydotorg-www] Removed wiki attack banners
Message-ID: <5225F70D.6010201@egenix.com>

Since the HTTPS redirect are now mostly working (there are still some
details to be worked out), I've removed the wiki banners about the
attack and instead added a section to the front pages of the Python
and Jython wikis.

It's a good idea to change the passwords on the wikis now, since
clear text passwords are just too easy to sniff at conferences.

Thanks,
-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Sep 03 2013)
>>> Python Projects, Consulting and Support ...   http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________

::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

From mal at egenix.com  Wed Sep  4 22:16:41 2013
From: mal at egenix.com (M.-A. Lemburg)
Date: Wed, 04 Sep 2013 22:16:41 +0200
Subject: [pydotorg-www] Removed wiki attack banners
In-Reply-To: <5225F70D.6010201@egenix.com>
References: <5225F70D.6010201@egenix.com>
Message-ID: <52279529.6080205@egenix.com>

On 03.09.2013 16:49, M.-A. Lemburg wrote:
> Since the HTTPS redirect are now mostly working (there are still some
> details to be worked out), I've removed the wiki banners about the
> attack and instead added a section to the front pages of the Python
> and Jython wikis.
> 
> It's a good idea to change the passwords on the wikis now, since
> clear text passwords are just too easy to sniff at conferences.

Update: The HTTPS config changes have now been put in place and

HSTS is now also enabled for the wikis:

http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

(allowing redirects to happen on the client side, if the browser
supports HSTS)

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Sep 04 2013)
>>> Python Projects, Consulting and Support ...   http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________

::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

From mal at egenix.com  Wed Sep  4 22:26:51 2013
From: mal at egenix.com (M.-A. Lemburg)
Date: Wed, 04 Sep 2013 22:26:51 +0200
Subject: [pydotorg-www] Removed wiki attack banners
In-Reply-To: <52279529.6080205@egenix.com>
References: <5225F70D.6010201@egenix.com> <52279529.6080205@egenix.com>
Message-ID: <5227978B.5020700@egenix.com>

On 04.09.2013 22:16, M.-A. Lemburg wrote:
> On 03.09.2013 16:49, M.-A. Lemburg wrote:
>> Since the HTTPS redirect are now mostly working (there are still some
>> details to be worked out), I've removed the wiki banners about the
>> attack and instead added a section to the front pages of the Python
>> and Jython wikis.
>>
>> It's a good idea to change the passwords on the wikis now, since
>> clear text passwords are just too easy to sniff at conferences.
> 
> Update: The HTTPS config changes have now been put in place and
> 
> HSTS is now also enabled for the wikis:
> 
> http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
> 
> (allowing redirects to happen on the client side, if the browser
> supports HSTS)

I've submitted an HSTS preload list entry request to Google for
inclusion in their list:

https://sites.google.com/a/chromium.org/dev/sts
https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json

Firefox bases its list on Google's, so hopefully wiki.python.org
will end up there as well in a few weeks:

http://blog.mozilla.org/security/2012/11/01/preloading-hsts/
https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Sep 04 2013)
>>> Python Projects, Consulting and Support ...   http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________

::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

From mal at egenix.com  Thu Sep  5 18:06:13 2013
From: mal at egenix.com (M.-A. Lemburg)
Date: Thu, 05 Sep 2013 18:06:13 +0200
Subject: [pydotorg-www] [Infrastructure]  Removed wiki attack banners
In-Reply-To: <5227978B.5020700@egenix.com>
References: <5225F70D.6010201@egenix.com> <52279529.6080205@egenix.com>
 <5227978B.5020700@egenix.com>
Message-ID: <5228ABF5.8000101@egenix.com>

On 04.09.2013 22:26, M.-A. Lemburg wrote:
> On 04.09.2013 22:16, M.-A. Lemburg wrote:
>> On 03.09.2013 16:49, M.-A. Lemburg wrote:
>>> Since the HTTPS redirect are now mostly working (there are still some
>>> details to be worked out), I've removed the wiki banners about the
>>> attack and instead added a section to the front pages of the Python
>>> and Jython wikis.
>>>
>>> It's a good idea to change the passwords on the wikis now, since
>>> clear text passwords are just too easy to sniff at conferences.
>>
>> Update: The HTTPS config changes have now been put in place and
>>
>> HSTS is now also enabled for the wikis:
>>
>> http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
>>
>> (allowing redirects to happen on the client side, if the browser
>> supports HSTS)
> 
> I've submitted an HSTS preload list entry request to Google for
> inclusion in their list:
> 
> https://sites.google.com/a/chromium.org/dev/sts
> https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json
> 
> Firefox bases its list on Google's, so hopefully wiki.python.org
> will end up there as well in a few weeks:
> 
> http://blog.mozilla.org/security/2012/11/01/preloading-hsts/
> https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List

This is added now:

http://src.chromium.org/viewvc/chrome?revision=221431&view=revision

It'll appear in Chrome after the usual product development
cycles. Not sure how often Mozilla updates their list.

Donald: You might want to add pypi.python.org to the HSTS
list as well.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Sep 05 2013)
>>> Python Projects, Consulting and Support ...   http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________
2013-09-04: Released eGenix pyOpenSSL 0.13.2 ...  http://egenix.com/go48
2013-09-20: PyCon UK 2013, Coventry, UK ...                15 days to go
2013-09-28: PyDDF Sprint ...                               23 days to go

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

From techtonik at gmail.com  Thu Sep  5 21:58:46 2013
From: techtonik at gmail.com (anatoly techtonik)
Date: Thu, 5 Sep 2013 22:58:46 +0300
Subject: [pydotorg-www] [Infrastructure]  Removed wiki attack banners
In-Reply-To: <5228ABF5.8000101@egenix.com>
References: <5225F70D.6010201@egenix.com> <52279529.6080205@egenix.com>
 <5227978B.5020700@egenix.com> <5228ABF5.8000101@egenix.com>
Message-ID: <CAPkN8xJWrWNoUq3v+s26Aza5QfaZKT40_UasLs6OorHE58Yh5w@mail.gmail.com>

On Thu, Sep 5, 2013 at 7:06 PM, M.-A. Lemburg <mal at egenix.com> wrote:
> On 04.09.2013 22:26, M.-A. Lemburg wrote:
>> On 04.09.2013 22:16, M.-A. Lemburg wrote:
>>> On 03.09.2013 16:49, M.-A. Lemburg wrote:
>>>> Since the HTTPS redirect are now mostly working (there are still some
>>>> details to be worked out), I've removed the wiki banners about the
>>>> attack and instead added a section to the front pages of the Python
>>>> and Jython wikis.
>>>>
>>>> It's a good idea to change the passwords on the wikis now, since
>>>> clear text passwords are just too easy to sniff at conferences.
>>>
>>> Update: The HTTPS config changes have now been put in place and
>>>
>>> HSTS is now also enabled for the wikis:
>>>
>>> http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
>>>
>>> (allowing redirects to happen on the client side, if the browser
>>> supports HSTS)
>>
>> I've submitted an HSTS preload list entry request to Google for
>> inclusion in their list:
>>
>> https://sites.google.com/a/chromium.org/dev/sts
>> https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json
>>
>> Firefox bases its list on Google's, so hopefully wiki.python.org
>> will end up there as well in a few weeks:
>>
>> http://blog.mozilla.org/security/2012/11/01/preloading-hsts/
>> https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
>
> This is added now:
>
> http://src.chromium.org/viewvc/chrome?revision=221431&view=revision
>
> It'll appear in Chrome after the usual product development
> cycles. Not sure how often Mozilla updates their list.
>
> Donald: You might want to add pypi.python.org to the HSTS
> list as well.

All of the above is very good news indeed. =)
--
anatoly t.

From leah at numfocus.org  Fri Sep  6 00:07:45 2013
From: leah at numfocus.org (Leah Silen)
Date: Thu, 5 Sep 2013 17:07:45 -0500
Subject: [pydotorg-www] Conference to add
Message-ID: <055920AF-0F6C-481C-91C5-C26F3992266B@pydata.org>

Can you please add PyData to the conference list?

http://pydata.org/

Thanks!!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130905/047d5087/attachment.html>

From mal at egenix.com  Fri Sep  6 10:21:34 2013
From: mal at egenix.com (M.-A. Lemburg)
Date: Fri, 06 Sep 2013 10:21:34 +0200
Subject: [pydotorg-www] Conference to add
In-Reply-To: <055920AF-0F6C-481C-91C5-C26F3992266B@pydata.org>
References: <055920AF-0F6C-481C-91C5-C26F3992266B@pydata.org>
Message-ID: <5229908E.9010505@egenix.com>

Hi Leah,

are you referring to this listing:

http://python.org/community/workshops/

?

Thanks,
-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Sep 06 2013)
>>> Python Projects, Consulting and Support ...   http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________
2013-09-04: Released eGenix pyOpenSSL 0.13.2 ...  http://egenix.com/go48
2013-09-20: PyCon UK 2013, Coventry, UK ...                14 days to go
2013-09-28: PyDDF Sprint ...                               22 days to go

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

On 06.09.2013 00:07, Leah Silen wrote:
> Can you please add PyData to the conference list?
> 
> http://pydata.org/
> 
> Thanks!!
> 
> 
> 
> _______________________________________________
> pydotorg-www mailing list
> pydotorg-www at python.org
> https://mail.python.org/mailman/listinfo/pydotorg-www
> 


From noah at coderanger.net  Sat Sep  7 09:01:37 2013
From: noah at coderanger.net (Noah Kantrowitz)
Date: Sat, 7 Sep 2013 00:01:37 -0700
Subject: [pydotorg-www] [Infrastructure]  Removed wiki attack banners
In-Reply-To: <CAGE7PNJc-=TbrR_B+Lt6vdXbSLSa3Eq5o1ikb68ACZ+fB7X-RA@mail.gmail.com>
References: <5225F70D.6010201@egenix.com> <52279529.6080205@egenix.com>
 <5227978B.5020700@egenix.com> <5228ABF5.8000101@egenix.com>
 <CAGE7PNJc-=TbrR_B+Lt6vdXbSLSa3Eq5o1ikb68ACZ+fB7X-RA@mail.gmail.com>
Message-ID: <AFC1E0FC-2550-453B-9AAD-531BA4EBA409@coderanger.net>

I would sooner burn the entire PSF infra than compromise our key integrity (if you are worried about government intrusions). Every person that has ever had access to our key material I trust personally (the list is quite small). Given that, PFS doesn't buy us a whole lot unless someone was able to steal the private key(s) without our knowledge and while every step I can think has been taken to prevent this, I can never fully rule it out. That said, now that Fastly handles the vast bulk of SSL terminations, we can probably look at this without risk of overloading the servers :-) (corollary, Fastly doesn't offer ECC for exactly the same reasons we aren't, nor would I expect this to change in the near future)

--Noah

On Sep 6, 2013, at 11:39 PM, Gregory P. Smith wrote:

> Any chance we could change the default preferred ciphers?
> 
> currently sslscan shows (complete with a misspelling):
> 
>   Prefered Server Cipher(s):
>     SSLv3  128 bits  RC4-SHA
>     TLSv1  128 bits  RC4-SHA
> 
> for wiki.python.org et al?
> 
> Defaulting to ECDHE (for perfect forward secrecy) seem the right thing to do for the web.
> 
> ie it'd be great to see:
> 
>   Prefered Server Cipher(s):
>     SSLv3  128 bits  ECDHE-RSA-RC4-SHA
>     TLSv1  128 bits  ECDHE-RSA-RC4-SHA
> 
> http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html
> 
> -gps
> 
> 
> 
> On Thu, Sep 5, 2013 at 9:06 AM, M.-A. Lemburg <mal at egenix.com> wrote:
> On 04.09.2013 22:26, M.-A. Lemburg wrote:
> > On 04.09.2013 22:16, M.-A. Lemburg wrote:
> >> On 03.09.2013 16:49, M.-A. Lemburg wrote:
> >>> Since the HTTPS redirect are now mostly working (there are still some
> >>> details to be worked out), I've removed the wiki banners about the
> >>> attack and instead added a section to the front pages of the Python
> >>> and Jython wikis.
> >>>
> >>> It's a good idea to change the passwords on the wikis now, since
> >>> clear text passwords are just too easy to sniff at conferences.
> >>
> >> Update: The HTTPS config changes have now been put in place and
> >>
> >> HSTS is now also enabled for the wikis:
> >>
> >> http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
> >>
> >> (allowing redirects to happen on the client side, if the browser
> >> supports HSTS)
> >
> > I've submitted an HSTS preload list entry request to Google for
> > inclusion in their list:
> >
> > https://sites.google.com/a/chromium.org/dev/sts
> > https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json
> >
> > Firefox bases its list on Google's, so hopefully wiki.python.org
> > will end up there as well in a few weeks:
> >
> > http://blog.mozilla.org/security/2012/11/01/preloading-hsts/
> > https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
> 
> This is added now:
> 
> http://src.chromium.org/viewvc/chrome?revision=221431&view=revision
> 
> It'll appear in Chrome after the usual product development
> cycles. Not sure how often Mozilla updates their list.
> 
> Donald: You might want to add pypi.python.org to the HSTS
> list as well.
> 
> --
> Marc-Andre Lemburg
> eGenix.com
> 
> Professional Python Services directly from the Source  (#1, Sep 05 2013)
> >>> Python Projects, Consulting and Support ...   http://www.egenix.com/
> >>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
> >>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
> ________________________________________________________________________
> 2013-09-04: Released eGenix pyOpenSSL 0.13.2 ...  http://egenix.com/go48
> 2013-09-20: PyCon UK 2013, Coventry, UK ...                15 days to go
> 2013-09-28: PyDDF Sprint ...                               23 days to go
> 
>    eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
>     D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
>            Registered at Amtsgericht Duesseldorf: HRB 46611
>                http://www.egenix.com/company/contact/
> ________________________________________________
> Infrastructure mailing list
> Infrastructure at python.org
> https://mail.python.org/mailman/listinfo/infrastructure
> Unsubscribe: https://mail.python.org/mailman/options/infrastructure/greg%40krypto.org
> 
> ________________________________________________
> Infrastructure mailing list
> Infrastructure at python.org
> https://mail.python.org/mailman/listinfo/infrastructure
> Unsubscribe: https://mail.python.org/mailman/options/infrastructure/noah%40coderanger.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130907/d688d1a2/attachment.sig>

From mal at egenix.com  Sat Sep  7 12:41:31 2013
From: mal at egenix.com (M.-A. Lemburg)
Date: Sat, 07 Sep 2013 12:41:31 +0200
Subject: [pydotorg-www] [Infrastructure] SSL support (was: Removed wiki
 attack banners)
In-Reply-To: <CAGE7PNJc-=TbrR_B+Lt6vdXbSLSa3Eq5o1ikb68ACZ+fB7X-RA@mail.gmail.com>
References: <5225F70D.6010201@egenix.com>
 <52279529.6080205@egenix.com>	<5227978B.5020700@egenix.com>
 <5228ABF5.8000101@egenix.com>
 <CAGE7PNJc-=TbrR_B+Lt6vdXbSLSa3Eq5o1ikb68ACZ+fB7X-RA@mail.gmail.com>
Message-ID: <522B02DB.1000103@egenix.com>

Hmm, according to SSLLabs, DHE is not used by browsers
for wiki.python.org:

https://www.ssllabs.com/ssltest/analyze.html?d=wiki.python.org

Note that ECs are not widely supported, so using those is not
such a good idea. Moving away from the ancient RC4 is, though,
esp. if TLS 1.2 is available:

https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what

TLS_DHE_RSA_WITH_AES_256_CBC_SHA would be better as default
first choice for SSL.

Not sure whether this is worth fixing for the public wikis,
but once we're starting to host things like e-voting on the
OSL infra structure, this may become more important.

Background info: DHE causes the session key to be
negotiated between server and client without actually sending
key data over the wire. As a result, getting at the session
key by looking at a recorded SSL session is really hard, even
if you know the server's private key. Without DHE, it is easily
possible to recreate the session key, provided you know the
server's private key and have a recording for the SSL handshake.
That's where the term "forward secrecy" comes from - future loss
of a private key doesn't result in all recorded SSL sessions to
suddenly become easily decipherable.


On 07.09.2013 08:39, Gregory P. Smith wrote:
> Any chance we could change the default preferred ciphers?
> 
> currently sslscan shows (complete with a misspelling):
> 
>   Prefered Server Cipher(s):
>     SSLv3  128 bits  RC4-SHA
>     TLSv1  128 bits  RC4-SHA
> 
> for wiki.python.org et al?
> 
> Defaulting to ECDHE (for perfect forward secrecy) seem the right thing to
> do for the web.
> 
> ie it'd be great to see:
> 
>   Prefered Server Cipher(s):
>     SSLv3  128 bits  ECDHE-RSA-RC4-SHA
>     TLSv1  128 bits  ECDHE-RSA-RC4-SHA
> 
> http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html
> 
> -gps
> 
> 
> 
> On Thu, Sep 5, 2013 at 9:06 AM, M.-A. Lemburg <mal at egenix.com> wrote:
> 
>> On 04.09.2013 22:26, M.-A. Lemburg wrote:
>>> On 04.09.2013 22:16, M.-A. Lemburg wrote:
>>>> On 03.09.2013 16:49, M.-A. Lemburg wrote:
>>>>> Since the HTTPS redirect are now mostly working (there are still some
>>>>> details to be worked out), I've removed the wiki banners about the
>>>>> attack and instead added a section to the front pages of the Python
>>>>> and Jython wikis.
>>>>>
>>>>> It's a good idea to change the passwords on the wikis now, since
>>>>> clear text passwords are just too easy to sniff at conferences.
>>>>
>>>> Update: The HTTPS config changes have now been put in place and
>>>>
>>>> HSTS is now also enabled for the wikis:
>>>>
>>>> http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
>>>>
>>>> (allowing redirects to happen on the client side, if the browser
>>>> supports HSTS)
>>>
>>> I've submitted an HSTS preload list entry request to Google for
>>> inclusion in their list:
>>>
>>> https://sites.google.com/a/chromium.org/dev/sts
>>>
>> https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json
>>>
>>> Firefox bases its list on Google's, so hopefully wiki.python.org
>>> will end up there as well in a few weeks:
>>>
>>> http://blog.mozilla.org/security/2012/11/01/preloading-hsts/
>>> https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
>>
>> This is added now:
>>
>> http://src.chromium.org/viewvc/chrome?revision=221431&view=revision
>>
>> It'll appear in Chrome after the usual product development
>> cycles. Not sure how often Mozilla updates their list.
>>
>> Donald: You might want to add pypi.python.org to the HSTS
>> list as well.
>>
>> --
>> Marc-Andre Lemburg
>> eGenix.com
>>
>> Professional Python Services directly from the Source  (#1, Sep 05 2013)
>>>>> Python Projects, Consulting and Support ...   http://www.egenix.com/
>>>>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
>>>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
>> ________________________________________________________________________
>> 2013-09-04: Released eGenix pyOpenSSL 0.13.2 ...  http://egenix.com/go48
>> 2013-09-20: PyCon UK 2013, Coventry, UK ...                15 days to go
>> 2013-09-28: PyDDF Sprint ...                               23 days to go
>>
>>    eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
>>     D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
>>            Registered at Amtsgericht Duesseldorf: HRB 46611
>>                http://www.egenix.com/company/contact/
>> ________________________________________________
>> Infrastructure mailing list
>> Infrastructure at python.org
>> https://mail.python.org/mailman/listinfo/infrastructure
>> Unsubscribe:
>> https://mail.python.org/mailman/options/infrastructure/greg%40krypto.org
>>
> 

From greg at krypto.org  Sat Sep  7 08:39:23 2013
From: greg at krypto.org (Gregory P. Smith)
Date: Fri, 6 Sep 2013 23:39:23 -0700
Subject: [pydotorg-www] [Infrastructure]  Removed wiki attack banners
In-Reply-To: <5228ABF5.8000101@egenix.com>
References: <5225F70D.6010201@egenix.com> <52279529.6080205@egenix.com>
 <5227978B.5020700@egenix.com> <5228ABF5.8000101@egenix.com>
Message-ID: <CAGE7PNJc-=TbrR_B+Lt6vdXbSLSa3Eq5o1ikb68ACZ+fB7X-RA@mail.gmail.com>

Any chance we could change the default preferred ciphers?

currently sslscan shows (complete with a misspelling):

  Prefered Server Cipher(s):
    SSLv3  128 bits  RC4-SHA
    TLSv1  128 bits  RC4-SHA

for wiki.python.org et al?

Defaulting to ECDHE (for perfect forward secrecy) seem the right thing to
do for the web.

ie it'd be great to see:

  Prefered Server Cipher(s):
    SSLv3  128 bits  ECDHE-RSA-RC4-SHA
    TLSv1  128 bits  ECDHE-RSA-RC4-SHA

http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html

-gps



On Thu, Sep 5, 2013 at 9:06 AM, M.-A. Lemburg <mal at egenix.com> wrote:

> On 04.09.2013 22:26, M.-A. Lemburg wrote:
> > On 04.09.2013 22:16, M.-A. Lemburg wrote:
> >> On 03.09.2013 16:49, M.-A. Lemburg wrote:
> >>> Since the HTTPS redirect are now mostly working (there are still some
> >>> details to be worked out), I've removed the wiki banners about the
> >>> attack and instead added a section to the front pages of the Python
> >>> and Jython wikis.
> >>>
> >>> It's a good idea to change the passwords on the wikis now, since
> >>> clear text passwords are just too easy to sniff at conferences.
> >>
> >> Update: The HTTPS config changes have now been put in place and
> >>
> >> HSTS is now also enabled for the wikis:
> >>
> >> http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
> >>
> >> (allowing redirects to happen on the client side, if the browser
> >> supports HSTS)
> >
> > I've submitted an HSTS preload list entry request to Google for
> > inclusion in their list:
> >
> > https://sites.google.com/a/chromium.org/dev/sts
> >
> https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json
> >
> > Firefox bases its list on Google's, so hopefully wiki.python.org
> > will end up there as well in a few weeks:
> >
> > http://blog.mozilla.org/security/2012/11/01/preloading-hsts/
> > https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
>
> This is added now:
>
> http://src.chromium.org/viewvc/chrome?revision=221431&view=revision
>
> It'll appear in Chrome after the usual product development
> cycles. Not sure how often Mozilla updates their list.
>
> Donald: You might want to add pypi.python.org to the HSTS
> list as well.
>
> --
> Marc-Andre Lemburg
> eGenix.com
>
> Professional Python Services directly from the Source  (#1, Sep 05 2013)
> >>> Python Projects, Consulting and Support ...   http://www.egenix.com/
> >>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
> >>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
> ________________________________________________________________________
> 2013-09-04: Released eGenix pyOpenSSL 0.13.2 ...  http://egenix.com/go48
> 2013-09-20: PyCon UK 2013, Coventry, UK ...                15 days to go
> 2013-09-28: PyDDF Sprint ...                               23 days to go
>
>    eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
>     D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
>            Registered at Amtsgericht Duesseldorf: HRB 46611
>                http://www.egenix.com/company/contact/
> ________________________________________________
> Infrastructure mailing list
> Infrastructure at python.org
> https://mail.python.org/mailman/listinfo/infrastructure
> Unsubscribe:
> https://mail.python.org/mailman/options/infrastructure/greg%40krypto.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130906/f8b8e228/attachment.html>

From greg at krypto.org  Sat Sep  7 20:18:54 2013
From: greg at krypto.org (Gregory P. Smith)
Date: Sat, 7 Sep 2013 11:18:54 -0700
Subject: [pydotorg-www] [Infrastructure]  Removed wiki attack banners
In-Reply-To: <AFC1E0FC-2550-453B-9AAD-531BA4EBA409@coderanger.net>
References: <5225F70D.6010201@egenix.com> <52279529.6080205@egenix.com>
 <5227978B.5020700@egenix.com> <5228ABF5.8000101@egenix.com>
 <CAGE7PNJc-=TbrR_B+Lt6vdXbSLSa3Eq5o1ikb68ACZ+fB7X-RA@mail.gmail.com>
 <AFC1E0FC-2550-453B-9AAD-531BA4EBA409@coderanger.net>
Message-ID: <CAGE7PNKw0s0j_AEbR7S+6NBSB37zTi4o8cdnOSKcswCd=sRPRA@mail.gmail.com>

On Sat, Sep 7, 2013 at 12:01 AM, Noah Kantrowitz <noah at coderanger.net>wrote:

> I would sooner burn the entire PSF infra than compromise our key integrity
> (if you are worried about government intrusions). Every person that has
> ever had access to our key material I trust personally (the list is quite
> small). Given that, PFS doesn't buy us a whole lot unless someone was able
> to steal the private key(s) without our knowledge and while every step I
> can think has been taken to prevent this, I can never fully rule it out.
> That said, now that Fastly handles the vast bulk of SSL terminations, we
> can probably look at this without risk of overloading the servers :-)
> (corollary, Fastly doesn't offer ECC for exactly the same reasons we
> aren't, nor would I expect this to change in the near future)
>

I'm not worried about anything. I was just wondering if we could follow the
best practices on the web to set a good example. But since I'm not doing
the work I'll just shutup. :)


>
> --Noah
>
> On Sep 6, 2013, at 11:39 PM, Gregory P. Smith wrote:
>
> > Any chance we could change the default preferred ciphers?
> >
> > currently sslscan shows (complete with a misspelling):
> >
> >   Prefered Server Cipher(s):
> >     SSLv3  128 bits  RC4-SHA
> >     TLSv1  128 bits  RC4-SHA
> >
> > for wiki.python.org et al?
> >
> > Defaulting to ECDHE (for perfect forward secrecy) seem the right thing
> to do for the web.
> >
> > ie it'd be great to see:
> >
> >   Prefered Server Cipher(s):
> >     SSLv3  128 bits  ECDHE-RSA-RC4-SHA
> >     TLSv1  128 bits  ECDHE-RSA-RC4-SHA
> >
> > http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html
> >
> > -gps
> >
> >
> >
> > On Thu, Sep 5, 2013 at 9:06 AM, M.-A. Lemburg <mal at egenix.com> wrote:
> > On 04.09.2013 22:26, M.-A. Lemburg wrote:
> > > On 04.09.2013 22:16, M.-A. Lemburg wrote:
> > >> On 03.09.2013 16:49, M.-A. Lemburg wrote:
> > >>> Since the HTTPS redirect are now mostly working (there are still some
> > >>> details to be worked out), I've removed the wiki banners about the
> > >>> attack and instead added a section to the front pages of the Python
> > >>> and Jython wikis.
> > >>>
> > >>> It's a good idea to change the passwords on the wikis now, since
> > >>> clear text passwords are just too easy to sniff at conferences.
> > >>
> > >> Update: The HTTPS config changes have now been put in place and
> > >>
> > >> HSTS is now also enabled for the wikis:
> > >>
> > >> http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
> > >>
> > >> (allowing redirects to happen on the client side, if the browser
> > >> supports HSTS)
> > >
> > > I've submitted an HSTS preload list entry request to Google for
> > > inclusion in their list:
> > >
> > > https://sites.google.com/a/chromium.org/dev/sts
> > >
> https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json
> > >
> > > Firefox bases its list on Google's, so hopefully wiki.python.org
> > > will end up there as well in a few weeks:
> > >
> > > http://blog.mozilla.org/security/2012/11/01/preloading-hsts/
> > > https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
> >
> > This is added now:
> >
> > http://src.chromium.org/viewvc/chrome?revision=221431&view=revision
> >
> > It'll appear in Chrome after the usual product development
> > cycles. Not sure how often Mozilla updates their list.
> >
> > Donald: You might want to add pypi.python.org to the HSTS
> > list as well.
> >
> > --
> > Marc-Andre Lemburg
> > eGenix.com
> >
> > Professional Python Services directly from the Source  (#1, Sep 05 2013)
> > >>> Python Projects, Consulting and Support ...   http://www.egenix.com/
> > >>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
> > >>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
> > ________________________________________________________________________
> > 2013-09-04: Released eGenix pyOpenSSL 0.13.2 ...  http://egenix.com/go48
> > 2013-09-20: PyCon UK 2013, Coventry, UK ...                15 days to go
> > 2013-09-28: PyDDF Sprint ...                               23 days to go
> >
> >    eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
> >     D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
> >            Registered at Amtsgericht Duesseldorf: HRB 46611
> >                http://www.egenix.com/company/contact/
> > ________________________________________________
> > Infrastructure mailing list
> > Infrastructure at python.org
> > https://mail.python.org/mailman/listinfo/infrastructure
> > Unsubscribe:
> https://mail.python.org/mailman/options/infrastructure/greg%40krypto.org
> >
> > ________________________________________________
> > Infrastructure mailing list
> > Infrastructure at python.org
> > https://mail.python.org/mailman/listinfo/infrastructure
> > Unsubscribe:
> https://mail.python.org/mailman/options/infrastructure/noah%40coderanger.net
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130907/e6e69bb8/attachment-0001.html>

From greg at krypto.org  Sat Sep  7 20:25:52 2013
From: greg at krypto.org (Gregory P. Smith)
Date: Sat, 7 Sep 2013 11:25:52 -0700
Subject: [pydotorg-www] [Infrastructure] SSL support (was: Removed wiki
 attack banners)
In-Reply-To: <522B02DB.1000103@egenix.com>
References: <5225F70D.6010201@egenix.com> <52279529.6080205@egenix.com>
 <5227978B.5020700@egenix.com> <5228ABF5.8000101@egenix.com>
 <CAGE7PNJc-=TbrR_B+Lt6vdXbSLSa3Eq5o1ikb68ACZ+fB7X-RA@mail.gmail.com>
 <522B02DB.1000103@egenix.com>
Message-ID: <CAGE7PNJvWsSo8xDZX6=YmQBXB8x-C_u1EJRkAk8ZvXb=QOzw_Q@mail.gmail.com>

On Sat, Sep 7, 2013 at 3:41 AM, M.-A. Lemburg <mal at egenix.com> wrote:

> Hmm, according to SSLLabs, DHE is not used by browsers
> for wiki.python.org:
>
> https://www.ssllabs.com/ssltest/analyze.html?d=wiki.python.org
>
> Note that ECs are not widely supported, so using those is not
> such a good idea. Moving away from the ancient RC4 is, though,
> esp. if TLS 1.2 is available:
>
>
> https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what
>
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA would be better as default
> first choice for SSL.
>
> Not sure whether this is worth fixing for the public wikis,
> but once we're starting to host things like e-voting on the
> OSL infra structure, this may become more important.
>
> Background info: DHE causes the session key to be
> negotiated between server and client without actually sending
> key data over the wire. As a result, getting at the session
> key by looking at a recorded SSL session is really hard, even
> if you know the server's private key. Without DHE, it is easily
> possible to recreate the session key, provided you know the
> server's private key and have a recording for the SSL handshake.
> That's where the term "forward secrecy" comes from - future loss
> of a private key doesn't result in all recorded SSL sessions to
> suddenly become easily decipherable.
>

Oh I wouldn't say its really worth much either at least as far as our
services go. But FWIW, Chrome and Firefox both happily support perfect
forward secrecy ciphers (DHE).

http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html

Google and Facebook both use it and others are sure to follow out of
embarrassment:

https://www.eff.org/deeplinks/2013/08/pushing-perfect-forward-secrecy-important-web-privacy-protection

I agree that it does not really matter for us. Just falls into a "oh by the
way, this would be nice" category if someone configuring things wants to
spend time learning how to set it up. Make a blog post out of it if you do.
:)

-gps


>
> On 07.09.2013 08:39, Gregory P. Smith wrote:
> > Any chance we could change the default preferred ciphers?
> >
> > currently sslscan shows (complete with a misspelling):
> >
> >   Prefered Server Cipher(s):
> >     SSLv3  128 bits  RC4-SHA
> >     TLSv1  128 bits  RC4-SHA
> >
> > for wiki.python.org et al?
> >
> > Defaulting to ECDHE (for perfect forward secrecy) seem the right thing to
> > do for the web.
> >
> > ie it'd be great to see:
> >
> >   Prefered Server Cipher(s):
> >     SSLv3  128 bits  ECDHE-RSA-RC4-SHA
> >     TLSv1  128 bits  ECDHE-RSA-RC4-SHA
> >
> > http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html
> >
> > -gps
> >
> >
> >
> > On Thu, Sep 5, 2013 at 9:06 AM, M.-A. Lemburg <mal at egenix.com> wrote:
> >
> >> On 04.09.2013 22:26, M.-A. Lemburg wrote:
> >>> On 04.09.2013 22:16, M.-A. Lemburg wrote:
> >>>> On 03.09.2013 16:49, M.-A. Lemburg wrote:
> >>>>> Since the HTTPS redirect are now mostly working (there are still some
> >>>>> details to be worked out), I've removed the wiki banners about the
> >>>>> attack and instead added a section to the front pages of the Python
> >>>>> and Jython wikis.
> >>>>>
> >>>>> It's a good idea to change the passwords on the wikis now, since
> >>>>> clear text passwords are just too easy to sniff at conferences.
> >>>>
> >>>> Update: The HTTPS config changes have now been put in place and
> >>>>
> >>>> HSTS is now also enabled for the wikis:
> >>>>
> >>>> http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
> >>>>
> >>>> (allowing redirects to happen on the client side, if the browser
> >>>> supports HSTS)
> >>>
> >>> I've submitted an HSTS preload list entry request to Google for
> >>> inclusion in their list:
> >>>
> >>> https://sites.google.com/a/chromium.org/dev/sts
> >>>
> >>
> https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json
> >>>
> >>> Firefox bases its list on Google's, so hopefully wiki.python.org
> >>> will end up there as well in a few weeks:
> >>>
> >>> http://blog.mozilla.org/security/2012/11/01/preloading-hsts/
> >>> https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
> >>
> >> This is added now:
> >>
> >> http://src.chromium.org/viewvc/chrome?revision=221431&view=revision
> >>
> >> It'll appear in Chrome after the usual product development
> >> cycles. Not sure how often Mozilla updates their list.
> >>
> >> Donald: You might want to add pypi.python.org to the HSTS
> >> list as well.
> >>
> >> --
> >> Marc-Andre Lemburg
> >> eGenix.com
> >>
> >> Professional Python Services directly from the Source  (#1, Sep 05 2013)
> >>>>> Python Projects, Consulting and Support ...   http://www.egenix.com/
> >>>>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
> >>>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
> >> ________________________________________________________________________
> >> 2013-09-04: Released eGenix pyOpenSSL 0.13.2 ...
> http://egenix.com/go48
> >> 2013-09-20: PyCon UK 2013, Coventry, UK ...                15 days to go
> >> 2013-09-28: PyDDF Sprint ...                               23 days to go
> >>
> >>    eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
> >>     D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
> >>            Registered at Amtsgericht Duesseldorf: HRB 46611
> >>                http://www.egenix.com/company/contact/
> >> ________________________________________________
> >> Infrastructure mailing list
> >> Infrastructure at python.org
> >> https://mail.python.org/mailman/listinfo/infrastructure
> >> Unsubscribe:
> >>
> https://mail.python.org/mailman/options/infrastructure/greg%40krypto.org
> >>
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130907/2e9b5338/attachment.html>

From donald at stufft.io  Sat Sep  7 20:52:54 2013
From: donald at stufft.io (Donald Stufft)
Date: Sat, 7 Sep 2013 14:52:54 -0400
Subject: [pydotorg-www] [Infrastructure]  Removed wiki attack banners
In-Reply-To: <CAGE7PNKw0s0j_AEbR7S+6NBSB37zTi4o8cdnOSKcswCd=sRPRA@mail.gmail.com>
References: <5225F70D.6010201@egenix.com> <52279529.6080205@egenix.com>
 <5227978B.5020700@egenix.com> <5228ABF5.8000101@egenix.com>
 <CAGE7PNJc-=TbrR_B+Lt6vdXbSLSa3Eq5o1ikb68ACZ+fB7X-RA@mail.gmail.com>
 <AFC1E0FC-2550-453B-9AAD-531BA4EBA409@coderanger.net>
 <CAGE7PNKw0s0j_AEbR7S+6NBSB37zTi4o8cdnOSKcswCd=sRPRA@mail.gmail.com>
Message-ID: <73A66911-83A3-4DAC-850F-5DEFF8457072@stufft.io>


On Sep 7, 2013, at 2:18 PM, "Gregory P. Smith" <greg at krypto.org> wrote:

> I'm not worried about anything. I was just wondering if we could follow the best practices on the web to set a good example. But since I'm not doing the work I'll just shutup. :)

I just deployed: https://github.com/python/psf-chef/pull/50

Looks like we didn't get PSF from it though, probably our OpenSSL is too old.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130907/8739a04d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130907/8739a04d/attachment-0001.sig>

From donald at stufft.io  Sat Sep  7 20:55:25 2013
From: donald at stufft.io (Donald Stufft)
Date: Sat, 7 Sep 2013 14:55:25 -0400
Subject: [pydotorg-www] [Infrastructure]  Removed wiki attack banners
In-Reply-To: <73A66911-83A3-4DAC-850F-5DEFF8457072@stufft.io>
References: <5225F70D.6010201@egenix.com> <52279529.6080205@egenix.com>
 <5227978B.5020700@egenix.com> <5228ABF5.8000101@egenix.com>
 <CAGE7PNJc-=TbrR_B+Lt6vdXbSLSa3Eq5o1ikb68ACZ+fB7X-RA@mail.gmail.com>
 <AFC1E0FC-2550-453B-9AAD-531BA4EBA409@coderanger.net>
 <CAGE7PNKw0s0j_AEbR7S+6NBSB37zTi4o8cdnOSKcswCd=sRPRA@mail.gmail.com>
 <73A66911-83A3-4DAC-850F-5DEFF8457072@stufft.io>
Message-ID: <0159028F-CB5F-4DEB-84AD-E23EED0FF43F@stufft.io>


On Sep 7, 2013, at 2:52 PM, Donald Stufft <donald at stufft.io> wrote:

> 
> On Sep 7, 2013, at 2:18 PM, "Gregory P. Smith" <greg at krypto.org> wrote:
> 
>> I'm not worried about anything. I was just wondering if we could follow the best practices on the web to set a good example. But since I'm not doing the work I'll just shutup. :)
> 
> I just deployed: https://github.com/python/psf-chef/pull/50
> 
> Looks like we didn't get PSF from it though, probably our OpenSSL is too old.
> 
> -----------------
> Donald Stufft
> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
> 
> ________________________________________________
> Infrastructure mailing list
> Infrastructure at python.org
> https://mail.python.org/mailman/listinfo/infrastructure
> Unsubscribe: https://mail.python.org/mailman/options/infrastructure/donald%40stufft.io


Hm, or maybe stud doesn't support the + syntax

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130907/de7bbe99/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130907/de7bbe99/attachment-0001.sig>

From donald at stufft.io  Sat Sep  7 21:26:24 2013
From: donald at stufft.io (Donald Stufft)
Date: Sat, 7 Sep 2013 15:26:24 -0400
Subject: [pydotorg-www] [Infrastructure]  Removed wiki attack banners
In-Reply-To: <0159028F-CB5F-4DEB-84AD-E23EED0FF43F@stufft.io>
References: <5225F70D.6010201@egenix.com> <52279529.6080205@egenix.com>
 <5227978B.5020700@egenix.com> <5228ABF5.8000101@egenix.com>
 <CAGE7PNJc-=TbrR_B+Lt6vdXbSLSa3Eq5o1ikb68ACZ+fB7X-RA@mail.gmail.com>
 <AFC1E0FC-2550-453B-9AAD-531BA4EBA409@coderanger.net>
 <CAGE7PNKw0s0j_AEbR7S+6NBSB37zTi4o8cdnOSKcswCd=sRPRA@mail.gmail.com>
 <73A66911-83A3-4DAC-850F-5DEFF8457072@stufft.io>
 <0159028F-CB5F-4DEB-84AD-E23EED0FF43F@stufft.io>
Message-ID: <8821DC51-E8CC-4EF0-A2F3-E464D1CF035D@stufft.io>

Actually it appears we need to do https://github.com/bumptech/stud#diffiehellman to get EDH working, that should then enable PFS.


On Sep 7, 2013, at 2:55 PM, Donald Stufft <donald at stufft.io> wrote:

> 
> On Sep 7, 2013, at 2:52 PM, Donald Stufft <donald at stufft.io> wrote:
> 
>> 
>> On Sep 7, 2013, at 2:18 PM, "Gregory P. Smith" <greg at krypto.org> wrote:
>> 
>>> I'm not worried about anything. I was just wondering if we could follow the best practices on the web to set a good example. But since I'm not doing the work I'll just shutup. :)
>> 
>> I just deployed: https://github.com/python/psf-chef/pull/50
>> 
>> Looks like we didn't get PSF from it though, probably our OpenSSL is too old.
>> 
>> -----------------
>> Donald Stufft
>> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
>> 
>> ________________________________________________
>> Infrastructure mailing list
>> Infrastructure at python.org
>> https://mail.python.org/mailman/listinfo/infrastructure
>> Unsubscribe: https://mail.python.org/mailman/options/infrastructure/donald%40stufft.io
> 
> 
> Hm, or maybe stud doesn't support the + syntax
> 
> -----------------
> Donald Stufft
> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
> 
> ________________________________________________
> Infrastructure mailing list
> Infrastructure at python.org
> https://mail.python.org/mailman/listinfo/infrastructure
> Unsubscribe: https://mail.python.org/mailman/options/infrastructure/donald%40stufft.io


-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130907/20e2f63a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130907/20e2f63a/attachment.sig>

From donald at stufft.io  Sat Sep  7 22:01:10 2013
From: donald at stufft.io (Donald Stufft)
Date: Sat, 7 Sep 2013 16:01:10 -0400
Subject: [pydotorg-www] [Infrastructure]  Removed wiki attack banners
In-Reply-To: <CAGE7PNJc-=TbrR_B+Lt6vdXbSLSa3Eq5o1ikb68ACZ+fB7X-RA@mail.gmail.com>
References: <5225F70D.6010201@egenix.com> <52279529.6080205@egenix.com>
 <5227978B.5020700@egenix.com> <5228ABF5.8000101@egenix.com>
 <CAGE7PNJc-=TbrR_B+Lt6vdXbSLSa3Eq5o1ikb68ACZ+fB7X-RA@mail.gmail.com>
Message-ID: <999D6B50-3B92-4E9E-9558-624470A4CB94@stufft.io>


On Sep 7, 2013, at 2:39 AM, Gregory P. Smith <greg at krypto.org> wrote:

> Any chance we could change the default preferred ciphers?


https://www.ssllabs.com/ssltest/analyze.html?d=wiki.python.org

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130907/f07c8615/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130907/f07c8615/attachment.sig>

From mal at egenix.com  Sun Sep  8 17:14:44 2013
From: mal at egenix.com (M.-A. Lemburg)
Date: Sun, 08 Sep 2013 17:14:44 +0200
Subject: [pydotorg-www] [Infrastructure]  Removed wiki attack banners
In-Reply-To: <999D6B50-3B92-4E9E-9558-624470A4CB94@stufft.io>
References: <5225F70D.6010201@egenix.com>
 <52279529.6080205@egenix.com>	<5227978B.5020700@egenix.com>
 <5228ABF5.8000101@egenix.com>	<CAGE7PNJc-=TbrR_B+Lt6vdXbSLSa3Eq5o1ikb68ACZ+fB7X-RA@mail.gmail.com>
 <999D6B50-3B92-4E9E-9558-624470A4CB94@stufft.io>
Message-ID: <522C9464.1070707@egenix.com>

On 07.09.2013 22:01, Donald Stufft wrote:
> 
> On Sep 7, 2013, at 2:39 AM, Gregory P. Smith <greg at krypto.org> wrote:
> 
>> Any chance we could change the default preferred ciphers?
> 
> 
> https://www.ssllabs.com/ssltest/analyze.html?d=wiki.python.org

Thanks, Donald.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Sep 08 2013)
>>> Python Projects, Consulting and Support ...   http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________
2013-09-04: Released eGenix pyOpenSSL 0.13.2 ...  http://egenix.com/go48
2013-09-20: PyCon UK 2013, Coventry, UK ...                12 days to go
2013-09-28: PyDDF Sprint ...                               20 days to go

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

From mal at egenix.com  Mon Sep  9 14:00:47 2013
From: mal at egenix.com (M.-A. Lemburg)
Date: Mon, 09 Sep 2013 14:00:47 +0200
Subject: [pydotorg-www] [psf-trademarks] Python Shirts
In-Reply-To: <CAEbHw4bUZJibNYfVWi0f+CxxpUPjsnVqpqYhvaK9eNL5=xkhLg@mail.gmail.com>
References: <16E2ABB3-3337-4CA2-90C8-5836D4818EE3@gmail.com>	<CAEbHw4aQ-nyFXUgg70M6+fyRO1gqP11k74Rns-55Q54WQ5C+Dg@mail.gmail.com>	<CA+AtToDb476nLCAOk1me6ZJvfbsm_z-DcKxp-4Hd-Lgz9MziUg@mail.gmail.com>	<8DE78A82-C58A-4285-AA70-F3ECC0F41A40@gnosis.cx>	<01C1F142-1BB8-4BA1-98C0-FFC5D2B755E5@gmail.com>	<CA+AtToDmJ9+Qcdea5KwKRkzoPpokDg64T24odTvoJ9b5YLqh3w@mail.gmail.com>	<CAEbHw4bgRBtz6KSQbE+5rm01FWf4CVEkOjwqNW+3=6X=GqOJ2Q@mail.gmail.com>	<CA+AtToCoV4a=0JRekAHnv29o56=uA3rfbXYa6sWMPrn0diJfBQ@mail.gmail.com>	<CAEbHw4a48i+EEgoLuc5WJCzQ6DzSCSA4praAMcHP9OUwB2+E7Q@mail.gmail.com>	<CA+AtToAarZTurXbT-EDi=zg69eBaXhjNHqzDLeVN9YGgs1ffTg@mail.gmail.com>	<CAEbHw4bup+ri0zLCpUZePhGff+_JLB_VE71JDxYph9xcUAhwAg@mail.gmail.com>	<CAEbHw4aaHQ-w=q+DesWPzYGVcewws2O+5C_2wHEkoFQhAhqz3Q@mail.gmail.com>	<CA+AtToB4nDDsCzZVYj+4m0+9ARYhwCASQwi=tQ5RJ774LmtVnQ@mail.gmail.com>	<CA+AtToDZg45YveuL8QkV4CMk4Zg-JXAdDE7=tGJnOHhALN+znA@mail.gmail.com>
 <CAEbHw4bUZJibNYfVWi0f+CxxpUPjsnVqpqYhvaK9eNL5=xkhLg@mail.gmail.com>
Message-ID: <522DB86F.8080402@egenix.com>

Hi David,

I've added both Python Gear and Elegant Stitches to the page.

The update should appear within an hour or so.

Thanks,
-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Sep 09 2013)
>>> Python Projects, Consulting and Support ...   http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________
2013-09-04: Released eGenix pyOpenSSL 0.13.2 ...  http://egenix.com/go48
2013-09-20: PyCon UK 2013, Coventry, UK ...                11 days to go
2013-09-28: PyDDF Sprint ...                               19 days to go

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

On 31.07.2013 02:17, David Mertz wrote:
> Hi Web Folks,
> 
> The PSF Trademarks Committee has set a policy to start including blurbs for
> authorized merchants who use our trademark.  FWIW, part of this agreement
> is for them to make donations if their sales exceed $1000 on said
> merchandise.
> 
> Please add Python Gear to http://www.python.org/community/merchandise/
> including
> the blurb Austin provides and his logo attached here.
> 
> Yours, David Mertz
> Chair, PSF TC
> Director of the PSF
> etc.
> 
> 
> 
>> On Tue, Jul 2, 2013 at 9:48 PM, Austin Gabel <agabel at gmail.com> wrote:
>>
>>> Thanks for clearing that up for me.  I think that arrangement is more
>>> than fair.  Here is what I would like to put on the merchandise page.
>>>
>>> "Look your best and show off your Python pride with T-Shirts and other
>>> merchandise from PythonGear.com.  Located in Kansas, and ready to ship your
>>> new threads anywhere in the US."
>>>
>>> And please add my logo along with it.
>>> [image: Inline image 1]
>>>
>>> Thank you very much
>>> Austin Gabel
>>>
>>
>>
>>
>> _______________________________________________
>> pydotorg-www mailing list
>> pydotorg-www at python.org
>> http://mail.python.org/mailman/listinfo/pydotorg-www


From mal at egenix.com  Fri Sep 13 09:43:12 2013
From: mal at egenix.com (M.-A. Lemburg)
Date: Fri, 13 Sep 2013 09:43:12 +0200
Subject: [pydotorg-www] =?windows-1252?q?Vulnerability_Alert_=96_OpenID_2?=
 =?windows-1252?q?=2E0_Implementations_Vulnerabilities_found_in_some_OPs_?=
 =?windows-1252?q?=7C_OpenID?=
Message-ID: <5232C210.1070301@egenix.com>

Not sure whether this is relevant for the python.org infrastructure,
but since we're using OpenID for some parts, it may be worth a
look:

http://openid.net/2013/08/15/vulnerability-alert-openid-2-0-implementations-vulnerabilities-found-in-some-ops/

AFAIK, PyPI can be used as OP, but it's not implementing OpenID 2.0.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Sep 13 2013)
>>> Python Projects, Consulting and Support ...   http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________
2013-09-11: Released eGenix PyRun 1.3.0 ...       http://egenix.com/go49
2013-09-04: Released eGenix pyOpenSSL 0.13.2 ...  http://egenix.com/go48
2013-09-20: PyCon UK 2013, Coventry, UK ...                 7 days to go

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

From michael at voidspace.org.uk  Mon Sep 16 22:15:22 2013
From: michael at voidspace.org.uk (Michael Foord)
Date: Mon, 16 Sep 2013 21:15:22 +0100
Subject: [pydotorg-www] Fix a link to source code
In-Reply-To: <CAPkN8xKJZjNc=wfbL5aWauSkEx-Bud_OYxtCG5M49gL3XkT21g@mail.gmail.com>
References: <CAPkN8xKJZjNc=wfbL5aWauSkEx-Bud_OYxtCG5M49gL3XkT21g@mail.gmail.com>
Message-ID: <98F855EC-1027-46A2-AAD3-ED0F3AEBCEA8@voidspace.org.uk>


On 25 Jul 2013, at 12:48, anatoly techtonik <techtonik at gmail.com> wrote:

> http://www.python.org/getit/source/
> 
> Searching "python source" gives this page. Would be nice to see link
> to repository browser here until new site is ready.

Done (belatedly).

Michael

> --
> anatoly t.
> _______________________________________________
> pydotorg-www mailing list
> pydotorg-www at python.org
> http://mail.python.org/mailman/listinfo/pydotorg-www


--
http://www.voidspace.org.uk/


May you do good and not evil
May you find forgiveness for yourself and forgive others
May you share freely, never taking more than you give.
-- the sqlite blessing 
http://www.sqlite.org/different.html






From techtonik at gmail.com  Sun Sep 22 14:22:12 2013
From: techtonik at gmail.com (anatoly techtonik)
Date: Sun, 22 Sep 2013 15:22:12 +0300
Subject: [pydotorg-www] [Infrastructure] Wiki moin logs are now rotated
	monthly
In-Reply-To: <5225C593.5010203@egenix.com>
References: <5225C593.5010203@egenix.com>
Message-ID: <CAPkN8xJRtWQdivPi3Pii3qS-yBzKJVouthOSKyUMBEYyU2cf_w@mail.gmail.com>

On Tue, Sep 3, 2013 at 2:18 PM, M.-A. Lemburg <mal at egenix.com> wrote:

> Since the wiki VM is rather tight on disk space, I've enabled monthly
> rotation of the moin event logs for all wikis.
>
> A side effect of this change is that the page visits count in
> moin will appear to be cleared once a month.
>

Are there some public stats about wiki page popularity?
-- 
anatoly t.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130922/ec62613d/attachment.html>

From mal at egenix.com  Mon Sep 23 11:12:28 2013
From: mal at egenix.com (M.-A. Lemburg)
Date: Mon, 23 Sep 2013 11:12:28 +0200
Subject: [pydotorg-www] [Infrastructure] Wiki moin logs are now rotated
 monthly
In-Reply-To: <CAPkN8xJRtWQdivPi3Pii3qS-yBzKJVouthOSKyUMBEYyU2cf_w@mail.gmail.com>
References: <5225C593.5010203@egenix.com>
 <CAPkN8xJRtWQdivPi3Pii3qS-yBzKJVouthOSKyUMBEYyU2cf_w@mail.gmail.com>
Message-ID: <524005FC.4010001@egenix.com>

On 22.09.2013 14:22, anatoly techtonik wrote:
> On Tue, Sep 3, 2013 at 2:18 PM, M.-A. Lemburg <mal at egenix.com> wrote:
> 
>> Since the wiki VM is rather tight on disk space, I've enabled monthly
>> rotation of the moin event logs for all wikis.
>>
>> A side effect of this change is that the page visits count in
>> moin will appear to be cleared once a month.
>>
> 
> Are there some public stats about wiki page popularity?

No.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Sep 23 2013)
>>> Python Projects, Consulting and Support ...   http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________
2013-09-11: Released eGenix PyRun 1.3.0 ...       http://egenix.com/go49
2013-09-28: PyDDF Sprint ...                                5 days to go
2013-10-14: PyCon DE 2013, Cologne, Germany ...            21 days to go

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

From techtonik at gmail.com  Mon Sep 23 12:30:34 2013
From: techtonik at gmail.com (anatoly techtonik)
Date: Mon, 23 Sep 2013 13:30:34 +0300
Subject: [pydotorg-www] [Infrastructure] Wiki moin logs are now rotated
	monthly
In-Reply-To: <524005FC.4010001@egenix.com>
References: <5225C593.5010203@egenix.com>
 <CAPkN8xJRtWQdivPi3Pii3qS-yBzKJVouthOSKyUMBEYyU2cf_w@mail.gmail.com>
 <524005FC.4010001@egenix.com>
Message-ID: <CAPkN8xLW6tJ4DHU7EjNYj4uuMBNgu=VomM5kT-R=qbW9qk1S1Q@mail.gmail.com>

On Mon, Sep 23, 2013 at 12:12 PM, M.-A. Lemburg <mal at egenix.com> wrote:

> On 22.09.2013 14:22, anatoly techtonik wrote:
> > On Tue, Sep 3, 2013 at 2:18 PM, M.-A. Lemburg <mal at egenix.com> wrote:
> >
> >> Since the wiki VM is rather tight on disk space, I've enabled monthly
> >> rotation of the moin event logs for all wikis.
> >>
> >> A side effect of this change is that the page visits count in
> >> moin will appear to be cleared once a month.
> >>
> >
> > Are there some public stats about wiki page popularity?
>
> No.


Then by disabling those logs you'll shut down wiki stats for measuring its
effectiveness.
-- 
anatoly t.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130923/b2d684be/attachment.html>

From myselfasunder at gmail.com  Wed Sep 25 21:19:38 2013
From: myselfasunder at gmail.com (Dustin Oprea)
Date: Wed, 25 Sep 2013 15:19:38 -0400
Subject: [pydotorg-www] PyPI Wordpress iframe/Widget
Message-ID: <CAG0x-ECH=UjpJuXSM7uLudKiH8iiY3Lsa-TZ=knWfd31751BJQ@mail.gmail.com>

I'd like to throw-together a little website widget that displays how many
downloads one or more PyPI projects are getting. I'd then like to wrap it
in a modest WordPress plugin.


I could do it in Javascript that directly scrapes the requested PyPI
page(s), but then it's be scraping PyPI from every page it's used, on every
pageload. It be costly to PyPI, and have a delay on the webpage. If I write
a small service endpoint, I could cache all of the information and lower
the traffic burden, and decrease the load time.

I'll only do this if I can I host the service endpoint on python.org,
though. Would I be able to?


Dustin Oprea (http://dustinoprea.com/)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130925/60d8bba3/attachment.html>

From noah at coderanger.net  Wed Sep 25 21:53:32 2013
From: noah at coderanger.net (Noah Kantrowitz)
Date: Wed, 25 Sep 2013 14:53:32 -0500
Subject: [pydotorg-www] PyPI Wordpress iframe/Widget
In-Reply-To: <CAG0x-ECH=UjpJuXSM7uLudKiH8iiY3Lsa-TZ=knWfd31751BJQ@mail.gmail.com>
References: <CAG0x-ECH=UjpJuXSM7uLudKiH8iiY3Lsa-TZ=knWfd31751BJQ@mail.gmail.com>
Message-ID: <115BA750-43F8-4A53-9D56-043FB31E0431@coderanger.net>

Download counts per file are available in the JSON output (ex. https://pypi.python.org/pypi/Django/1.5.4/json), maybe if you offer Donald some new beer or something he can add the package-level rolling counts too.

--Noah

On Sep 25, 2013, at 2:19 PM, Dustin Oprea <myselfasunder at gmail.com> wrote:

> I'd like to throw-together a little website widget that displays how many downloads one or more PyPI projects are getting. I'd then like to wrap it in a modest WordPress plugin. 
> 
> 
> I could do it in Javascript that directly scrapes the requested PyPI page(s), but then it's be scraping PyPI from every page it's used, on every pageload. It be costly to PyPI, and have a delay on the webpage. If I write a small service endpoint, I could cache all of the information and lower the traffic burden, and decrease the load time.
> 
> I'll only do this if I can I host the service endpoint on python.org, though. Would I be able to?
> 
> 
> Dustin Oprea (http://dustinoprea.com/)
> _______________________________________________
> pydotorg-www mailing list
> pydotorg-www at python.org
> https://mail.python.org/mailman/listinfo/pydotorg-www

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130925/26de14a3/attachment.sig>

From myselfasunder at gmail.com  Wed Sep 25 21:58:26 2013
From: myselfasunder at gmail.com (Dustin Oprea)
Date: Wed, 25 Sep 2013 15:58:26 -0400
Subject: [pydotorg-www] PyPI Wordpress iframe/Widget
In-Reply-To: <115BA750-43F8-4A53-9D56-043FB31E0431@coderanger.net>
References: <CAG0x-ECH=UjpJuXSM7uLudKiH8iiY3Lsa-TZ=knWfd31751BJQ@mail.gmail.com>
 <115BA750-43F8-4A53-9D56-043FB31E0431@coderanger.net>
Message-ID: <CAG0x-EBtRK71RyKnHebvF-Jp50eqBHy0yMUFsgmiJTOkkDepkQ@mail.gmail.com>

If by "package level" you mean similar counts to what's currently visible
on the standard download page, then I'd be happy to leave an envelope of
cash in a drop somewhere, to whatever end...


On Wed, Sep 25, 2013 at 3:53 PM, Noah Kantrowitz <noah at coderanger.net>wrote:

> Download counts per file are available in the JSON output (ex.
> https://pypi.python.org/pypi/Django/1.5.4/json), maybe if you offer
> Donald some new beer or something he can add the package-level rolling
> counts too.
>
> --Noah
>
> On Sep 25, 2013, at 2:19 PM, Dustin Oprea <myselfasunder at gmail.com> wrote:
>
> > I'd like to throw-together a little website widget that displays how
> many downloads one or more PyPI projects are getting. I'd then like to wrap
> it in a modest WordPress plugin.
> >
> >
> > I could do it in Javascript that directly scrapes the requested PyPI
> page(s), but then it's be scraping PyPI from every page it's used, on every
> pageload. It be costly to PyPI, and have a delay on the webpage. If I write
> a small service endpoint, I could cache all of the information and lower
> the traffic burden, and decrease the load time.
> >
> > I'll only do this if I can I host the service endpoint on python.org,
> though. Would I be able to?
> >
> >
> > Dustin Oprea (http://dustinoprea.com/)
> > _______________________________________________
> > pydotorg-www mailing list
> > pydotorg-www at python.org
> > https://mail.python.org/mailman/listinfo/pydotorg-www
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20130925/3df20657/attachment.html>