[Python-Dev] Sniffing passwords from PyPI using insecure connection (original) (raw)

Terry Reedy tjreedy at udel.edu
Tue May 31 21:05:29 CEST 2011

• Previous message: [Python-Dev] Sniffing passwords from PyPI using insecure connection
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 5/31/2011 1:04 PM, anatoly techtonik wrote:

Hi,

I'd like to escalate http://bugs.python.org/issue12226 : 'use secured channel for uploading packages to pypi' to be shipped with next Python 2.6+ This will prevent pydotorg password sniffing when submitting packages through public networks (such as hotels).

The requested one character change is

• DEFAULT_REPOSITORY = 'http://pypi.python.org/pypi'

• DEFAULT_REPOSITORY = 'https://pypi.python.org/pypi'

If Tarek (or perhaps Eric) agree that it is appropriate and otherwise innocuous, then Martin and Barry can decide whether to include in 2.5/2.6.

Terry Jan Reedy

• Previous message: [Python-Dev] Sniffing passwords from PyPI using insecure connection
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list