[Catalog-sig] UPDATE: PyPI - Python Package Index

[Paul Prescod]

Thomas Heller wrote:
> Richard, a small additional thing:
> 
> You always seem to do GET requests.
> 
> This means, for requesting a login, the initial password
> is part of the URL, and chances are high, that this URL will show up
> in someone's referrer logs. Not nice, IMO.
> 
> I probably don't know the rules completely, but this is what I do,
> and it makes sense to me:
> 
> - When a request changes something on the server, do a POST.
> 
> - When an URL searches for something, do a GET, so that I can bookmark
> it.

Those rules are quite right and according to the HTTP specification.

> - Otherwise, decide from case to case.

There are very few other cases.

Also, HTTP has a way of doing username and passwords so there should 
seldom be a requirement to pass them as data instead of in the protocol 
headers.

  Paul Prescod