[Python-Dev] Sniffing passwords from PyPI using insecure connection
Terry Reedy
tjreedy at udel.edu
Wed Jun 1 08:33:53 CEST 2011
On 6/1/2011 1:37 AM, "Martin v. Löwis" wrote:
>> The requested one character change is
>> - DEFAULT_REPOSITORY = 'http://pypi.python.org/pypi'
>> + DEFAULT_REPOSITORY = 'https://pypi.python.org/pypi'
>>
>> If Tarek (or perhaps Eric) agree that it is appropriate and otherwise
>> innocuous, then Martin and Barry can decide whether to include in 2.5/2.6.
>
> I don't plan any further 2.5 releases, so unless a critical security
> issue pops up, 2.5.6 will have been the last release.
OK. I removed 2.5 from all open issues, closing a few. You could remove
2.5 from the displayed version list so that people cannot add it back or
to new issues.
--
Terry Jan Reedy
More information about the Python-Dev
mailing list