On 04.09.2013 22:26, M.-A. Lemburg wrote: > On 04.09.2013 22:16, M.-A. Lemburg wrote: >> On 03.09.2013 16:49, M.-A. Lemburg wrote: >>> Since the HTTPS redirect are now mostly working (there are still some >>> details to be worked out), I've removed the wiki banners about the >>> attack and instead added a section to the front pages of the Python >>> and Jython wikis. >>> >>> It's a good idea to change the passwords on the wikis now, since >>> clear text passwords are just too easy to sniff at conferences. >> >> Update: The HTTPS config changes have now been put in place and >> >> HSTS is now also enabled for the wikis: >> >> http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security >> >> (allowing redirects to happen on the client side, if the browser >> supports HSTS) > > I've submitted an HSTS preload list entry request to Google for > inclusion in their list: > > https://sites.google.com/a/chromium.org/dev/sts > https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json > > Firefox bases its list on Google's, so hopefully wiki.python.org > will end up there as well in a few weeks: > > http://blog.mozilla.org/security/2012/11/01/preloading-hsts/ > https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
This is added now: http://src.chromium.org/viewvc/chrome?revision=221431&view=revision It'll appear in Chrome after the usual product development cycles. Not sure how often Mozilla updates their list. Donald: You might want to add pypi.python.org to the HSTS list as well. -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Sep 05 2013) >>> Python Projects, Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ 2013-09-04: Released eGenix pyOpenSSL 0.13.2 ... http://egenix.com/go48 2013-09-20: PyCon UK 2013, Coventry, UK ... 15 days to go 2013-09-28: PyDDF Sprint ... 23 days to go eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ pydotorg-www mailing list pydotorg-www@python.org https://mail.python.org/mailman/listinfo/pydotorg-www