On 29 Aug 2013 03:17, "Trishank Karthik Kuppusamy" <t...@students.poly.edu> wrote: > > On 08/28/2013 12:09 PM, Christian Theune wrote: > > Right. It doesn't add any security on its own, but it's a way that > > people can discover you're using SSL. :) I'll have to read up on how > > to do HSTS actually … > > That was my next question. Does pip honour HSTS? I could be wrong, but I > do not think so...
It's likely worth checking with Donald and Noah how the SSL enforcement on PyPI itself is set up. I believe the aim was just to ensure browsers are always using HTTPS, while switching other tools to SSL still requires client side updates. Cheers, Nick. > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG@python.org > http://mail.python.org/mailman/listinfo/distutils-sig >
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig
