[Python-Dev] Sniffing passwords from PyPI using insecure connection

Terry Reedy tjreedy at udel.edu
Wed Jun 1 08:33:53 CEST 2011

On 6/1/2011 1:37 AM, "Martin v. Löwis" wrote:
>> The requested one character change is
>> -    DEFAULT_REPOSITORY = 'http://pypi.python.org/pypi'
>> +    DEFAULT_REPOSITORY = 'https://pypi.python.org/pypi'
>> If Tarek (or perhaps Eric) agree that it is appropriate and otherwise
>> innocuous, then Martin and Barry can decide whether to include in 2.5/2.6.
> I don't plan any further 2.5 releases, so unless a critical security
> issue pops up, 2.5.6 will have been the last release.

OK. I removed 2.5 from all open issues, closing a few. You could remove 
2.5 from the displayed version list so that people cannot add it back or 
to new issues.

Terry Jan Reedy

More information about the Python-Dev mailing list