[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

Ezio Melotti added the comment: This is now fixed thanks to R. David. -- assignedto: -> r.david.murray nosy: +ezio.melotti status: chatting -> resolved ___ PSF Meta Tracker

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

Maciej Szulik added the comment: We're currently working with Mark to migrate bpo to a different server. I'll make sure this is fixed along the way. -- nosy: +maciej.szulik ___ PSF Meta Tracker

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

Nick Coghlan added the comment: I've added Mark Mangoba (the PSF's Infrastructure Manager) to the nosy list, as the meta-tracker should also be moved to a PSF controlled domain now that bugs.python.org itself has been moved to be directly under PSF management rather than being managed by Upfro

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

Mariatta added the comment: What do we need to move this forward? I would like the bug tracker to always be in https. -- nosy: +Mariatta ___ PSF Meta Tracker ___

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

INADA Naoki added the comment: https://www.mozilla.org/en-US/firefox/51.0/releasenotes/ > A warning is displayed when a login page does not have a secure connection I think we should follow "always use HTTPS" trends. -- nosy: +inada.naoki __

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

anatoly techtonik added the comment: I don't use unique password and I believe the next competition organized by some not-well known hacker group may include some Python services just to measure the impact. I don't see any other way to raise the importance of such issues other than transformin

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

R David Murray added the comment: I use unique passwords for all services for exactly this reason so I, for one, am not worried. -- nosy: +r.david.murray ___ PSF Meta Tracker _

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

Martin v. Löwis added the comment: Comparing the password hashes is inconclusive; the passwords are salted. In any case, this issue is about a problem that you perceive for yourself. Whether or not other people feel likewise threatened, we cannot know. -- priority: critical -> wish _

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

anatoly techtonik added the comment: I will be interested to know how many developers are using the same password for all *.python.org services. Can you run a hash compare check to see that the risk is really not that high? -- priority: wish -> critical __

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

Martin v. Löwis added the comment: The risk isn't really high. Just chose a password that you don't use anywhere else, and the threat of somebody stealing it can be safely ignored. Somebody might be posting in your name, but that doesn't scare me at all. -- nosy: +loewis status: unrea

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

New submission from anatoly techtonik : I often use unencrypted public WiFi networks and logging in to this tracker (which doesn't have any OAuth2 interface) imposes a high security risk. I propose to make login secure. -- messages: 2505 nosy: techtonik priority: critical status: unrea