On Thu, Sep 5, 2013 at 7:06 PM, M.-A. Lemburg <m...@egenix.com> wrote:
> On 04.09.2013 22:26, M.-A. Lemburg wrote:
>> On 04.09.2013 22:16, M.-A. Lemburg wrote:
>>> On 03.09.2013 16:49, M.-A. Lemburg wrote:
>>>> Since the HTTPS redirects are now mostly working (there are still some
>>>> details to be worked out), I've removed the wiki banners about the
>>>> attack and instead added a section to the front pages of the Python
>>>> and Jython wikis.
>>>>
>>>> It's a good idea to change the passwords on the wikis now, since
>>>> clear text passwords are just too easy to sniff at conferences.
>>>
>>> Update: The HTTPS config changes have now been put in place and
>>>
>>> HSTS is now also enabled for the wikis:
>>>
>>> http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
>>>
>>> (allowing redirects to happen on the client side, if the browser
>>> supports HSTS)
>>
>> I've submitted an HSTS preload list entry request to Google for
>> inclusion in their list:
>>
>> https://sites.google.com/a/chromium.org/dev/sts
>> https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json
>>
>> Firefox bases its list on Google's, so hopefully wiki.python.org
>> will end up there as well in a few weeks:
>>
>> http://blog.mozilla.org/security/2012/11/01/preloading-hsts/
>> https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
>
> This is added now:
>
> http://src.chromium.org/viewvc/chrome?revision=221431&view=revision
>
> It'll appear in Chrome after the usual product development
> cycles. Not sure how often Mozilla updates their list.
>
> Donald: You might want to add pypi.python.org to the HSTS
> list as well.

All of the above is very good news indeed. =)

-- 
anatoly t.