[Python-Dev] Sniffing passwords from PyPI using insecure connection
"Martin v. Löwis"
martin at v.loewis.de
Wed Jun 1 07:37:09 CEST 2011
> The requested one character change is
> - DEFAULT_REPOSITORY = 'http://pypi.python.org/pypi'
> + DEFAULT_REPOSITORY = 'https://pypi.python.org/pypi'
>
> If Tarek (or perhaps Eric) agree that it is appropriate and otherwise
> innocuous, then Martin and Barry can decide whether to include in 2.5/2.6.
I don't plan any further 2.5 releases, so unless a critical security
issue pops up, 2.5.6 will have been the last release.
Regards,
Martin
More information about the Python-Dev
mailing list