[Python-Dev] Sniffing passwords from PyPI using insecure connection
Tarek Ziadé
ziade.tarek at gmail.com
Sat Jun 4 00:12:34 CEST 2011
On Fri, Jun 3, 2011 at 11:40 PM, "Martin v. Löwis" <martin at v.loewis.de> wrote:
>> I followed up on the tracker. I'm +0 on adding this to 2.6, but not until
>> after the 2.6.7 release on Friday.
>>
>> How well has this change been tested? Are there people for whom this could
>> break things?
>
> As others have pointed out: it would break systems that don't have the
> _ssl module built.
yeah, we would need to fallback to http in that case.
while using https by default is a nice addition, maybe we should also
look at adding a scp-like upload/register command, since the server
has now this ability.
>
> Regards,
> Martin
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> http://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: http://mail.python.org/mailman/options/python-dev/ziade.tarek%40gmail.com
>
--
Tarek Ziadé | http://ziade.org
More information about the Python-Dev
mailing list