On 07/25/2017 05:25 PM, Noah Kantrowitz wrote: > >> On Jul 25, 2017, at 2:15 PM, Wes Turner <wes.tur...@gmail.com> wrote: >> >> >> >> On Tuesday, July 25, 2017, Alexander Belopolsky >> <alexander.belopol...@gmail.com> wrote: >> On Tue, Jul 25, 2017 at 4:18 PM, Nick Timkovich <prometheus...@gmail.com> >> wrote: >> .. >>> That's because curl is kinda annoying and doesn't follow redirects by >>> default: >>> >>> $ curl -i http://pypi.python.org/pypi/virtualenv/json >>> HTTP/1.1 301 Moved Permanently >>> ... >> >> Well, http://pypi.org/.. which is presumably the home of the latest >> PyPI returns 403: >> >> $ curl -i http://pypi.org/pypi/virtualenv/json >> HTTP/1.1 403 SSL is required >> ... >> >> This suggests that redirects are considered to be legacy and may not >> be supported in the future. >> >> Here are the warehouse routes: >> https://github.com/pypa/warehouse/blob/master/warehouse/routes.py >> >> Why do you need an http to https redirect? > > To explain this: pypi.org is on the HSTS preload list so all major > browsers will automatically use HTTPS for it no matter what. cURL does > not support this feature. Seems like having an unconditional HTTP->HTTPS redirect in place would be a "good neighbor" kind of thing (and belt-and-suspenders, as well).
Tres. -- =================================================================== Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design" http://palladion.com _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig