[Catalog-sig] Fwd: readthedocs.org or packages.python.org?

martin at v.loewis.de martin at v.loewis.de
Wed Feb 6 23:06:52 CET 2013

Previous message: [Catalog-sig] [Draft] Package signing and verification process
Next message: [Catalog-sig] Fwd: readthedocs.org or packages.python.org?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Javascript hosted on packages.python.org has access to cookies on  
> python.org, If python.org has
> any sort of login it's trivial to steal a session cookie.

No, it doesn't. Cookies for "python.org" are not available to  
"packages.python.org".
It would have to be a cookie for ".python.org". We don't issue such cookies.

Regards,
Martin

Previous message: [Catalog-sig] [Draft] Package signing and verification process
Next message: [Catalog-sig] Fwd: readthedocs.org or packages.python.org?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Catalog-SIG mailing list