[Python-Dev] Sniffing passwords from PyPI using insecure connection (original) (raw)
Tarek Ziadé ziade.tarek at gmail.com
Sat Jun 4 00:12:34 CEST 2011
- Previous message: [Python-Dev] Sniffing passwords from PyPI using insecure connection
- Next message: [Python-Dev] Extending os.chown() to accept user/group names
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, Jun 3, 2011 at 11:40 PM, "Martin v. Löwis" <martin at v.loewis.de> wrote:
I followed up on the tracker. I'm +0 on adding this to 2.6, but not until after the 2.6.7 release on Friday.
How well has this change been tested? Are there people for whom this could break things? As others have pointed out: it would break systems that don't have the ssl module built.
yeah, we would need to fallback to http in that case.
while using https by default is a nice addition, maybe we should also look at adding a scp-like upload/register command, since the server has now this ability.
Regards, Martin
Python-Dev mailing list Python-Dev at python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/ziade.tarek%40gmail.com
-- Tarek Ziadé | http://ziade.org
- Previous message: [Python-Dev] Sniffing passwords from PyPI using insecure connection
- Next message: [Python-Dev] Extending os.chown() to accept user/group names
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]