[pydotorg-www] [Infrastructure] Removed wiki attack banners
techtonik at gmail.com
Thu Sep 5 21:58:46 CEST 2013
On Thu, Sep 5, 2013 at 7:06 PM, M.-A. Lemburg <mal at egenix.com> wrote:
> On 04.09.2013 22:26, M.-A. Lemburg wrote:
>> On 04.09.2013 22:16, M.-A. Lemburg wrote:
>>> On 03.09.2013 16:49, M.-A. Lemburg wrote:
>>>> Since the HTTPS redirect are now mostly working (there are still some
>>>> details to be worked out), I've removed the wiki banners about the
>>>> attack and instead added a section to the front pages of the Python
>>>> and Jython wikis.
>>>> It's a good idea to change the passwords on the wikis now, since
>>>> clear text passwords are just too easy to sniff at conferences.
>>> Update: The HTTPS config changes have now been put in place and
>>> HSTS is now also enabled for the wikis:
>>> (allowing redirects to happen on the client side, if the browser
>>> supports HSTS)
>> I've submitted an HSTS preload list entry request to Google for
>> inclusion in their list:
>> Firefox bases its list on Google's, so hopefully wiki.python.org
>> will end up there as well in a few weeks:
> This is added now:
> It'll appear in Chrome after the usual product development
> cycles. Not sure how often Mozilla updates their list.
> Donald: You might want to add pypi.python.org to the HSTS
> list as well.
All of the above is very good news indeed. =)
More information about the pydotorg-www