[Python-Dev] Sniffing passwords from PyPI using insecure connection
barry at python.org
Wed Jun 1 13:08:18 CEST 2011
On Jun 01, 2011, at 02:33 AM, Terry Reedy wrote:
>On 6/1/2011 1:37 AM, "Martin v. Löwis" wrote:
>>> The requested one character change is
>>> - DEFAULT_REPOSITORY = 'http://pypi.python.org/pypi'
>>> + DEFAULT_REPOSITORY = 'https://pypi.python.org/pypi'
>>> If Tarek (or perhaps Eric) agree that it is appropriate and otherwise
>>> innocuous, then Martin and Barry can decide whether to include in 2.5/2.
>> I don't plan any further 2.5 releases, so unless a critical security
>> issue pops up, 2.5.6 will have been the last release.
>OK. I removed 2.5 from all open issues, closing a few. You could remove 2.5
>from the displayed version list so that people cannot add it back or to new
I followed up on the tracker. I'm +0 on adding this to 2.6, but not until
after the 2.6.7 release on Friday.
How well has this change been tested? Are there people for whom this could
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: not available
More information about the Python-Dev