New submission from Ronald Oussoren: All communication with bugs.python.org is over plain HTTP, not HTTPS. This includes user authentication. This means it is unsafe to log in from an untrusted network when your using a username/password to log in. I don't know enough of OpenID to know if that's safer to use.
A possible solution to this problem is to HTTPS-enable the bug reporter (as was done for PyPI) ---------- messages: 2735 nosy: ronaldoussoren priority: wish status: unread title: Plaintext connections when logging in _______________________________________________________ PSF Meta Tracker <metatrac...@psf.upfronthosting.co.za> <http://psf.upfronthosting.co.za/roundup/meta/issue518> _______________________________________________________ _______________________________________________ Tracker-discuss mailing list Tracker-discuss@python.org http://mail.python.org/mailman/listinfo/tracker-discuss