[Python-Dev] Sniffing passwords from PyPI using insecure connection

"Martin v. Löwis" martin at v.loewis.de
Wed Jun 1 07:37:09 CEST 2011

> The requested one character change is
> -    DEFAULT_REPOSITORY = 'http://pypi.python.org/pypi'
> +    DEFAULT_REPOSITORY = 'https://pypi.python.org/pypi'
> If Tarek (or perhaps Eric) agree that it is appropriate and otherwise
> innocuous, then Martin and Barry can decide whether to include in 2.5/2.6.

I don't plan any further 2.5 releases, so unless a critical security
issue pops up, 2.5.6 will have been the last release.


More information about the Python-Dev mailing list