On Feb 6, 2013, at 6:41 PM, Richard Jones <rich...@python.org> wrote:
> On 7 February 2013 09:55, Donald Stufft <donald.stu...@gmail.com> wrote: >> http://en.wikipedia.org/wiki/Session_fixation >> >> packages.python.org can set a .python.org cookie which www.python.org will >> read. > > Damn, cookies are busted :-( > > At least secure cookies are safe, right? Right? Ugh, probably not. > > So the only real solution is the one you use, which is to set up the > unsafe content on a separate domain. Easy enough, even I can buy > domains ;-) > > I hear read the docs is popular ;) > Richard > _______________________________________________ > Catalog-SIG mailing list > Catalog-SIG@python.org > http://mail.python.org/mailman/listinfo/catalog-sig _______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
