Just a follow up.
On Jan 26, 2014, at 4:40 PM, Richard Jones rich...@python.org wrote:
It definitely looks like we've got some issues introduced in recent server
migrations and reconfigurations. Things I'm aware of:
- OAuth is busted
- OpenID is confused and/or busted
These two issues
Donald Stufft donald at stufft.io writes:
Just a follow up.
- OAuth is busted
These two issues existed prior to the migration as far as I can tell.
Correct. We've discussed Oauth in IRC and this ticket has existed since late
last year:
-
On Jan 27, 2014, at 7:28 AM, Alex Clark acl...@aclark.net wrote:
Donald Stufft donald at stufft.io writes:
Just a follow up.
- OAuth is busted
These two issues existed prior to the migration as far as I can tell.
Correct. We've discussed Oauth in IRC and this ticket has
Donald Stufft donald at stufft.io writes:
Most likely the issue is just that PyPI isn’t realizing
that it’s being accessed via HTTPS.
Can you say more about this? If that's the case, then it sounds like someone
can send you a pull request to remove the (bogus?) https check and we are done.
On Jan 27, 2014, at 7:39 AM, Alex Clark acl...@aclark.net wrote:
Donald Stufft donald at stufft.io writes:
Most likely the issue is just that PyPI isn’t realizing
that it’s being accessed via HTTPS.
Can you say more about this? If that's the case, then it sounds like someone
can send
I haven’t looked into it yet simply out of a function of time. Obviously PyPI
is checking
if it’s being accessed via HTTPS somehow, and obviously (due to the nature of
the
error) it doesn’t believe it is being accessed via HTTPS. Since I know that
it shouldn’t
be possible to access PyPI
Hello,
Le 26/01/2014 06:03, mar...@v.loewis.de a écrit :
There is one usecase that still isn't addressed by any of the alternatives:
Automated uploads still require the password to be stored on disk. So if
the laptop is stolen, the password may get stolen as well.
With SSH upload, the
Quoting Richard Jones rich...@python.org:
Thanks everyone who helped make this happen.
From my perspective* I believe the ssh upload mechanism was added to
address security issues around the basic-auth-over-http method used
historically. Now uploads *may* be done over https, and those using
s/states/salt states/
On Sat, Jan 25, 2014 at 9:15 PM, Kyle Kelley rgb...@gmail.com wrote:
Congrats! Thanks for always making the PyPI infrastructure better and
better.
Where are the states stored?
On Sat, Jan 25, 2014 at 5:18 PM, Donald Stufft don...@stufft.io wrote:
On Jan 25, 2014,
Congrats! Thanks for always making the PyPI infrastructure better and
better.
Where are the states stored?
On Sat, Jan 25, 2014 at 5:18 PM, Donald Stufft don...@stufft.io wrote:
On Jan 25, 2014, at 7:04 PM, Chris Jerdonek chris.jerdo...@gmail.com
wrote:
On Sat, Jan 25, 2014 at 3:38 PM,
On 1/25/14, 6:38 PM, Donald Stufft wrote:
My question
to you is, is this something that distutils-sig is willing to have happen? If
we are to re-enable pypissh we’ll need to write a new solution to doing it that
can be properly HA’d and we’d prefer to put our efforts into improving things
for a
It definitely looks like we've got some issues introduced in recent server
migrations and reconfigurations. Things I'm aware of:
- OAuth is busted
- OpenID is confused and/or busted
- password reset is possibly busted
- pypissh is busted
Richard
On 27 January 2014 00:26, Alex Clark
Today (Sat Jan 25, 2014) the Infrastructure team has migrated PyPI to new
infrastructure.
The old infrastructure was:
- a single database server managed by OSUOSL
- a pair of load balancers shared by all of the python.org services hosted on
OSUOSL
- a single backend VM that served as
Thanks everyone who helped make this happen.
From my perspective* I believe the ssh upload mechanism was added to
address security issues around the basic-auth-over-http method used
historically. Now uploads *may* be done over https, and those using the ssh
method can move over to using twine or
On Sat, Jan 25, 2014 at 3:38 PM, Donald Stufft don...@stufft.io wrote:
Today (Sat Jan 25, 2014) the Infrastructure team has migrated PyPI to new
infrastructure.
The old infrastructure was:
- a single database server managed by OSUOSL
- a pair of load balancers shared by all of the
On Jan 25, 2014, at 7:04 PM, Chris Jerdonek chris.jerdo...@gmail.com wrote:
On Sat, Jan 25, 2014 at 3:38 PM, Donald Stufft don...@stufft.io wrote:
Today (Sat Jan 25, 2014) the Infrastructure team has migrated PyPI to new
infrastructure.
The old infrastructure was:
- a single database
On 26 Jan 2014 09:51, Richard Jones rich...@python.org wrote:
Thanks everyone who helped make this happen.
Indeed - fine work! :)
From my perspective* I believe the ssh upload mechanism was added to
address security issues around the basic-auth-over-http method used
historically. Now uploads
I'll get in touch with Martin.
On 26 January 2014 11:40, Nick Coghlan ncogh...@gmail.com wrote:
On 26 Jan 2014 09:51, Richard Jones rich...@python.org wrote:
Thanks everyone who helped make this happen.
Indeed - fine work! :)
From my perspective* I believe the ssh upload mechanism
On Jan 25, 2014, at 11:15 PM, Kyle Kelley rgb...@gmail.com wrote:
Where are the states stored?
https://github.com/python/pypi-salt
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with
19 matches
Mail list logo
