[TriZPUG] Fwd: PyPI security notice

Chris Calloway cbc at unc.edu
Fri Feb 15 04:04:00 CET 2013


Thanks to what was undoubtedly hard work, a lot of wiki.python.org has 
been restored (so the trizpug.org "Get Up To Speed" links work again). 
But things are not completely back to normal yet:

-------- Original Message --------
Subject: PyPI security notice
Date: Fri, 15 Feb 2013 02:57:19 +0000
From: <richard at python.org>

TL;DR: please log into PyPI and change your password.

Dear PyPI user,

Recently we have been auditing and improving security of the Python
Package Index (PyPI) and other python.org hosts.

You may be aware that the wiki.python.org host was compromised. Since
we must assume that all passwords stored in that system are also
compromised, and we also assume that some users share passwords between
python.org systems, I will be performing a password reset of all PyPI
accounts in one week's time, at 2013-02-22 00:00 UTC.

If you log in before that deadline and change your password then you'll
be fine, otherwise you'll need to use the password recovery form after
the reset has occurred.

Additionally, I ask you to begin to access PyPI using HTTPS through the
web. We're in the process of installing a new SSL certificate so the
current Big Red Certificate Warning should go away very soon.

We are in the process of updating the Python packaging toolset to use HTTPS.

These steps are but a couple of those we're intending to take to better 
secure PyPI. If you are interested in these matters I encourage you to
participate in the discussion on the catalog SIG:

http://mail.python.org/mailman/listinfo/catalog-sig

Finally, I apologise for any inconvenience these changes have caused.


     Richard Jones <richard at python.org>
     PyPI Maintainer


