[Python-Dev] Sniffing passwords from PyPI using insecure connection

Tarek Ziadé ziade.tarek at gmail.com
Sat Jun 4 00:12:34 CEST 2011

On Fri, Jun 3, 2011 at 11:40 PM, "Martin v. Löwis" <martin at v.loewis.de> wrote:
>> I followed up on the tracker.  I'm +0 on adding this to 2.6, but not until
>> after the 2.6.7 release on Friday.
>> How well has this change been tested?  Are there people for whom this could
>> break things?
> As others have pointed out: it would break systems that don't have the
> _ssl module built.

yeah, we would need to fallback to http in that case.

while using https by default is a nice addition, maybe we should also
look at adding a scp-like upload/register command, since the server
has now this ability.

> Regards,
> Martin
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> http://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: http://mail.python.org/mailman/options/python-dev/ziade.tarek%40gmail.com

Tarek Ziadé | http://ziade.org

More information about the Python-Dev mailing list