On Tuesday, February 12, 2013 at 6:38 AM, Giovanni Bajo wrote:
> What about forcing this reset only for users that also have an account on
> wiki.python.org (http://wiki.python.org)?

That could be difficult because that's assuming that if they did have the same account that they used the same username or email address (also likely, but not required). Also it doesn't do anything if they have multiple PyPI accounts (project? company?) sharing that password. If the attacker did get the passwords from Moin he has a pretty decent dictionary to start with before he'd need to resort to a "dumb" brute force of PyPI.

_______________________________________________
Catalog-SIG mailing list
Catalog-SIG@python.org
http://mail.python.org/mailman/listinfo/catalog-sig