On Feb 6, 2013, at 5:06 PM, mar...@v.loewis.de wrote:
>> Javascript hosted on packages.python.org has access to cookies on >> python.org, If python.org has >> any sort of login it's trivial to steal a session cookie. > > No, it doesn't. Cookies for "python.org" are not available to > "packages.python.org". > It would have to be a cookie for ".python.org". We don't issue such cookies. > > Regards, > Martin > We probably will on the new site. > > _______________________________________________ > Catalog-SIG mailing list > Catalog-SIG@python.org > http://mail.python.org/mailman/listinfo/catalog-sig _______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
