[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2017-09-07 Thread Ezio Melotti 

Ezio Melotti added the comment:

This is now fixed thanks to R. David.

--
assignedto:  -> r.david.murray
nosy: +ezio.melotti
status: chatting -> resolved

___
PSF Meta Tracker 

___
___
Tracker-discuss mailing list
Tracker-discuss@python.org
https://mail.python.org/mailman/listinfo/tracker-discuss
Code of Conduct: https://www.python.org/psf/codeofconduct/

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2017-06-07 Thread Maciej Szulik 

Maciej Szulik added the comment:

We're currently working with Mark to migrate bpo to a different server. I'll 
make sure this is fixed along the way.

--
nosy: +maciej.szulik

___
PSF Meta Tracker 

___
___
Tracker-discuss mailing list
Tracker-discuss@python.org
https://mail.python.org/mailman/listinfo/tracker-discuss
Code of Conduct: https://www.python.org/psf/codeofconduct/

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2017-04-25 Thread Nick Coghlan 

Nick Coghlan added the comment:

I've added Mark Mangoba (the PSF's Infrastructure Manager) to the nosy list, as 
the meta-tracker should also be moved to a PSF controlled domain now that 
bugs.python.org itself has been moved to be directly under PSF management 
rather than being managed by Upfront Systems.

--
nosy: +mmangoba, ncoghlan

___
PSF Meta Tracker 

___
___
Tracker-discuss mailing list
Tracker-discuss@python.org
https://mail.python.org/mailman/listinfo/tracker-discuss
Code of Conduct: https://www.python.org/psf/codeofconduct/

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2017-04-13 Thread Mariatta 

Mariatta added the comment:

What do we need to move this forward? I would like the bug tracker to always be 
in https.

--
nosy: +Mariatta

___
PSF Meta Tracker 

___
___
Tracker-discuss mailing list
Tracker-discuss@python.org
https://mail.python.org/mailman/listinfo/tracker-discuss
Code of Conduct: https://www.python.org/psf/codeofconduct/

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2017-01-24 Thread INADA Naoki 

INADA Naoki added the comment:

https://www.mozilla.org/en-US/firefox/51.0/releasenotes/

> A warning is displayed when a login page does not have a secure connection

I think we should follow "always use HTTPS" trends.

--
nosy: +inada.naoki

___
PSF Meta Tracker 

___
___
Tracker-discuss mailing list
Tracker-discuss@python.org
https://mail.python.org/mailman/listinfo/tracker-discuss
Code of Conduct: https://www.python.org/psf/codeofconduct/

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2013-09-27 Thread anatoly techtonik 

anatoly techtonik added the comment:

I don't use unique password and I believe the next competition organized by 
some not-well known hacker group may include some Python services just to 
measure the impact. I don't see any other way to raise the importance of such 
issues other than transforming them into personal experience.

--
priority: wish -> urgent

___
PSF Meta Tracker 

___
___
Tracker-discuss mailing list
Tracker-discuss@python.org
https://mail.python.org/mailman/listinfo/tracker-discuss

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2012-05-29 Thread R David Murray 

R David Murray  added the comment:

I use unique passwords for all services for exactly this reason so I, for one, 
am not worried.

--
nosy: +r.david.murray

___
PSF Meta Tracker 

___
___
Tracker-discuss mailing list
Tracker-discuss@python.org
http://mail.python.org/mailman/listinfo/tracker-discuss

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2012-05-25 Thread Martin v . Löwis 

Martin v. Löwis  added the comment:

Comparing the password hashes is inconclusive; the passwords are salted.

In any case, this issue is about a problem that you perceive for yourself. 
Whether or not other people feel likewise threatened, we cannot know.

--
priority: critical -> wish

___
PSF Meta Tracker 

___
___
Tracker-discuss mailing list
Tracker-discuss@python.org
http://mail.python.org/mailman/listinfo/tracker-discuss

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2012-05-25 Thread anatoly techtonik 

anatoly techtonik  added the comment:

I will be interested to know how many developers are using the same password 
for all *.python.org services. Can you run a hash compare check to see that the 
risk is really not that high?

--
priority: wish -> critical

___
PSF Meta Tracker 

___
___
Tracker-discuss mailing list
Tracker-discuss@python.org
http://mail.python.org/mailman/listinfo/tracker-discuss

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2012-05-25 Thread Martin v . Löwis 

Martin v. Löwis  added the comment:

The risk isn't really high. Just chose a password that you don't use anywhere 
else, and the threat of somebody stealing it can be safely ignored. Somebody 
might be posting in your name, but that doesn't scare me at all.

--
nosy: +loewis
status: unread -> chatting

___
PSF Meta Tracker 

___
___
Tracker-discuss mailing list
Tracker-discuss@python.org
http://mail.python.org/mailman/listinfo/tracker-discuss

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2012-05-21 Thread anatoly techtonik 

New submission from anatoly techtonik :

I often use unencrypted public WiFi networks and logging in to this tracker 
(which doesn't have any OAuth2 interface) imposes a high security risk. I 
propose to make login secure.

--
messages: 2505
nosy: techtonik
priority: critical
status: unread
title: HTTPS only version for login for this tracker

___
PSF Meta Tracker 

___
___
Tracker-discuss mailing list
Tracker-discuss@python.org
http://mail.python.org/mailman/listinfo/tracker-discuss