-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi there,
I appreciate all the work done on making PyPI making more secure. However this switch has not been tested properly and the current massive problems cause world wide trouble. Any chance to fix this soon or what is the way to use http:// only until the problem is fixed? Andreas Richard Jones wrote: > Hi all, > > I've just altered the nginx configuration to promote (ie. redirect > to) HTTPS for all GET/HEAD requests. This includes HSTS, but I've set > the lifetime to 1 day just in case there's some HTTPS compatibility > issues. Once it's bedded down I'll bump it to a year. > > I looked into distutils, but since it uses urllib and urllib just > raises an error on 307 redirects we're a little stymied as to what > we can actually do for POSTs for it... > > We really need to fix distutils to replace the HTTP URL with HTTPS > and handle .pypirc issues. At this point I believe our options are: > > 1. live with it, 2. incorporate some monkey-patching into distribute > and setuptools and promote those, 3. write a stand-alone uploader (or > add such functionality to pip) which can monkey-patch distutils, 4. > fix distutils (and accept a long lead time to actual impact), or 5. > all of the above > > > Richard _______________________________________________ Catalog-SIG > mailing list [email protected] > http://mail.python.org/mailman/listinfo/catalog-sig - -- ZOPYX Limited | Python | Zope | Plone | MongoDB Hundskapfklinge 33 | Consulting & Development D-72074 Tübingen | Electronic Publishing Solutions www.zopyx.com | Scalable Web Solutions - -------------------------------------------------- Produce & Publish - www.produce-and-publish.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQGUBAEBAgAGBQJRI5E6AAoJEADcfz7u4AZjBJMLwKQOxMpQA69FdhlGwRAX34Ef agsNPZINl+Z80frVtMw+VE3HTryp/usfElwTsi2ivY1X/hZYK3ga6zxLybItvkWx YkrbYAssID2eEfgSs4QKJ6D2z2iNM1LYmjgHwabYR5kYQnq+1ENB3jszWbReCKgm BMq+ETa/ZwAqdfrQC5JG0UEHGNRA7YJUrzejAcvHvfef6G4tu9P07fVau3zX1k3n Wa0PuCpPmpDPn/SYteiurXZaBpBtloHlnOij8Zn5bBThZ+rc85wv8gp7PfiP82nw 1xe7Inp+thlDCrYPcyKEQO8DmDMVE56is5O4DCJ4Ni/Y0pPRf1H+lU8DUgI1rrmS p+0kOJsUDOtspvr3AnCkT/2Ncz0iwr0rbPZnVqNUpYUB9vDfeJ8L6pq7h6Fvh7CG dARrhTtTVkb1ovQlyv0hrSyzw2YVIihClcWtYGHy31k//M4RvTj0wEnVV5KsqBmN 8kfDuqPFyo3kJx+OtGr54sNV5KQ8UlM= =H/Lb -----END PGP SIGNATURE-----
<<attachment: lists.vcf>>
_______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
