[Distutils] PEP449 - Removal of the PyPI Mirror Auto Discovery and Naming Scheme

Nick Coghlan ncoghlan at gmail.com
Thu Aug 29 01:05:45 CEST 2013


On 29 Aug 2013 03:17, "Trishank Karthik Kuppusamy" <tk47 at students.poly.edu>
wrote:
>
> On 08/28/2013 12:09 PM, Christian Theune wrote:
> > Right. It doesn't add any security on its own, but it's a way that
> > people can discover you're using SSL. :) I'll have to read up on how
> > to do HSTS actually …
>
> That was my next question. Does pip honour HSTS? I could be wrong, but I
> do not think so...

It's likely worth checking with Donald and Noah how the SSL enforcement on
PyPI itself is set up. I believe the aim was just to ensure browsers are
always using HTTPS, while switching other tools to SSL still requires
client-side updates.

Cheers,
Nick.
