[Python-Dev] Sniffing passwords from PyPI using insecure connection
ziade.tarek at gmail.com
Sat Jun 4 00:12:34 CEST 2011
On Fri, Jun 3, 2011 at 11:40 PM, "Martin v. Löwis" <martin at v.loewis.de> wrote:
>> I followed up on the tracker. I'm +0 on adding this to 2.6, but not until
>> after the 2.6.7 release on Friday.
>> How well has this change been tested? Are there people for whom this could
>> break things?
> As others have pointed out: it would break systems that don't have the
> _ssl module built.
yeah, we would need to fallback to http in that case.
while using https by default is a nice addition, maybe we should also
look at adding a scp-like upload/register command, since the server
has now this ability.
> Python-Dev mailing list
> Python-Dev at python.org
> Unsubscribe: http://mail.python.org/mailman/options/python-dev/ziade.tarek%40gmail.com
Tarek Ziadé | http://ziade.org
More information about the Python-Dev