On Feb 11, 2013, at 7:26 AM, "M.-A. Lemburg" <[email protected]> wrote:
> Giovanni Bajo wrote: >> Il giorno 11/feb/2013, alle ore 12:27, Jesse Noller <[email protected]> ha >> scritto: >> >>> Ok, that has to be made clear to the poor guy merging the PR >>> >>> I'm also fine with Christian's migration path; I share his concerns about >>> your approach. >> >> >> This is harder to fix. Christian's main concern is that he doesn't trust me >> and my proposed solution because he didn't see it elsewhere. I saw it >> mentioned many times around, but I think that, at the end of the day, that's >> a red herring: the point is that I'm not in his (and/or your) trust circle, >> but that's fine, we can still find a way around it. It's probably useless >> for me to keep arguing though. >> >> I think that a migration path on login from an unsalted SHA1 is completely >> wrong, so I have a proposal: I will submit it if we agree on resetting all >> the passwords immediately; or within a short timeframe (eg: 2 months), and >> notify all the users to login once as soon as possible (so after 2 months we >> reset passwords of users who haven't logged in). >> >> Would that work? > > Why not leave the decision to change the password to the PyPI users > and only do a blog post and perhaps have a banner on PyPI to notify > them ? > > After all, unlike for the wiki installation, the PyPI passwords were > not compromised. > They were if they used the same one on the wiki > -- > Marc-Andre Lemburg > eGenix.com > > Professional Python Services directly from the Source >>>> Python/Zope Consulting and Support ... http://www.egenix.com/ >>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ >>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ > ________________________________________________________________________ > > ::: Try our new mxODBC.Connect Python Database Interface for free ! :::: > > > eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 > D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg > Registered at Amtsgericht Duesseldorf: HRB 46611 > http://www.egenix.com/company/contact/ _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
