Re: [Catalog-sig] Mandatory Reset of PyPI Passwords

2013-02-14 Thread Richard Jones
Hi all, I have now deployed the new passlib/bcrypt and password reset code to live PyPI. Thanks to everyone who contributed. I'll start the process of sending the password reset email shortly. Please change your passwords :-) Richard

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Daniel Holth
Don't forget that you can also just upload a zip script, at least for 2.6+. I know you still have to support 2.3 On Feb 14, 2013 6:31 PM, "Richard Jones" wrote: > On 15 February 2013 06:28, Tarek Ziadé wrote: > > Some tools (setuptools, distribute, zope, pip) use bootstrap files to get > > insta

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Richard Jones
On 15 February 2013 06:28, Tarek Ziadé wrote: > Some tools (setuptools, distribute, zope, pip) use bootstrap files to get > installed, > > In order to have a more secured installation process, we'd like to be able > to push those files on PyPI so people can download them through https using > the

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread M.-A. Lemburg
On 14.02.2013 23:54, Nick Coghlan wrote: > On 15 Feb 2013 08:38, "Donald Stufft" wrote: >> >> On Thursday, February 14, 2013 at 5:34 PM, M.-A. Lemburg wrote: >>> >>> I don't follow the reasoning here. What's the difference between >>> uploading a .py file and a .tar.gz file ? >>> >>> AFAIK, the on

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Nick Coghlan
On 15 Feb 2013 08:38, "Donald Stufft" wrote: > > On Thursday, February 14, 2013 at 5:34 PM, M.-A. Lemburg wrote: >> >> I don't follow the reasoning here. What's the difference between >> uploading a .py file and a .tar.gz file ? >> >> AFAIK, the only reason why the file extensions are restricted i

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Donald Stufft
On Thursday, February 14, 2013 at 5:43 PM, PJ Eby wrote: > On Thu, Feb 14, 2013 at 5:10 PM, Nick Coghlan (mailto:ncogh...@gmail.com)> wrote: > > I'm more concerned about phishing style attacks. I don't want the PyPI > > admins to have to start scanning for hostile names like "distirbute". > > >

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Jim Fulton
On Thu, Feb 14, 2013 at 5:43 PM, PJ Eby wrote: > On Thu, Feb 14, 2013 at 5:10 PM, Nick Coghlan wrote: >> I'm more concerned about phishing style attacks. I don't want the PyPI >> admins to have to start scanning for hostile names like "distirbute". > > I'm not sure what you mean. These things ex

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread PJ Eby
On Thu, Feb 14, 2013 at 5:10 PM, Nick Coghlan wrote: > I'm more concerned about phishing style attacks. I don't want the PyPI > admins to have to start scanning for hostile names like "distirbute". I'm not sure what you mean. These things exist only for the corresponding package (buildout, setup

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread M.-A. Lemburg
On 14.02.2013 23:38, Donald Stufft wrote: > On Thursday, February 14, 2013 at 5:34 PM, M.-A. Lemburg wrote: >> I don't follow the reasoning here. What's the difference between >> uploading a .py file and a .tar.gz file ? >> >> AFAIK, the only reason why the file extensions are restricted is to >> p

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Donald Stufft
On Thursday, February 14, 2013 at 5:34 PM, M.-A. Lemburg wrote: > I don't follow the reasoning here. What's the difference between > uploading a .py file and a .tar.gz file ? > > AFAIK, the only reason why the file extensions are restricted is to > prevent people from uploading MP3s, movies or oth

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread PJ Eby
On Thu, Feb 14, 2013 at 5:13 PM, Donald Stufft wrote: > This isn't something automated tools are supposed to discover right? They > previously know where it exists? Buildout downloads the distribute and/or setuptools bootstrap scripts. IIUC, it uses hardcoded URLs at the moment. > Why does it n

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread M.-A. Lemburg
On 14.02.2013 23:10, Nick Coghlan wrote: > On 15 Feb 2013 05:50, "Tarek Ziadé" wrote: >> >> On 2/14/13 8:37 PM, Donald Stufft wrote: >>> >>> On Thursday, February 14, 2013 at 2:28 PM, Tarek Ziadé wrote: Hello Some tools (setuptools, distribute, zope, pip) use bootstrap files to

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Jim Fulton
On Thu, Feb 14, 2013 at 5:10 PM, Nick Coghlan wrote: ... > I'm more concerned about phishing style attacks. I don't want the PyPI > admins to have to start scanning for hostile names like "distirbute". Isn't this an issue for regular distributions too? > > So how often do the bootstrap files cha

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Donald Stufft
This isn't something automated tools are supposed to discover right? They previously know where it exists? Why does it need to be on PyPI at all? Seems like for this unusual case just keeping it someplace sane that has a good SSL cert seems like an obvious solution? Github or Bitbucket or whatever

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread M.-A. Lemburg
On 14.02.2013 20:28, Tarek Ziadé wrote: > Hello > > Some tools (setuptools, distribute, zope, pip) use bootstrap files to get > installed, > > In order to have a more secured installation process, we'd like to be able > to push those files on > PyPI so people can download them through https us

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Nick Coghlan
On 15 Feb 2013 05:50, "Tarek Ziadé" wrote: > > On 2/14/13 8:37 PM, Donald Stufft wrote: >> >> On Thursday, February 14, 2013 at 2:28 PM, Tarek Ziadé wrote: >>> >>> Hello >>> >>> Some tools (setuptools, distribute, zope, pip) use bootstrap files to >>> get installed, >>> >>> In order to have a more

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Tarek Ziadé
On 2/14/13 8:37 PM, Donald Stufft wrote: On Thursday, February 14, 2013 at 2:28 PM, Tarek Ziadé wrote: Hello Some tools (setuptools, distribute, zope, pip) use bootstrap files to get installed, In order to have a more secured installation process, we'd like to be able to push those files on Py

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Donald Stufft
On Thursday, February 14, 2013 at 2:28 PM, Tarek Ziadé wrote: > Hello > > Some tools (setuptools, distribute, zope, pip) use bootstrap files to > get installed, > > In order to have a more secured installation process, we'd like to be > able to push those files on PyPI so people can downloa

[Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Tarek Ziadé
Hello Some tools (setuptools, distribute, zope, pip) use bootstrap files to get installed, In order to have a more secured installation process, we'd like to be able to push those files on PyPI so people can download them through https using the PSF certificate. As Phillip Eby noticed, th
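The thread above argues about where bootstrap scripts (distribute_setup.py, ez_setup.py and friends) should be served so that they can be fetched over HTTPS, and Nick Coghlan raises look-alike names such as "distirbute". The following is an added example, not code from PyPI, buildout, setuptools or distribute, and it goes slightly beyond the thread: TLS only authenticates the host that served the script, so a consumer that wants to know it got the script it reviewed also pins the script's SHA-256. The URL, the opener hook and the sample script bytes are constructed for the example and are not real project values.

```python
"""Hash-pinned fetch of a bootstrap script (added example; hypothetical URL).

A valid certificate proves which host answered, not which bytes it sent.
Pinning the SHA-256 of the reviewed script covers the rest: a tampered
script, or a look-alike served from a correctly configured host, fails
the pin even though the TLS handshake succeeded.
"""
import hashlib
import hmac
import ssl
import urllib.request


class BootstrapVerificationError(Exception):
    """Raised when the fetched script cannot be trusted."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_bootstrap(data: bytes, expected_sha256: str) -> bytes:
    """Return `data` unchanged if its SHA-256 equals the pin, else raise."""
    actual = sha256_hex(data)
    # The digest is not secret; compare_digest is simply the habit to keep.
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise BootstrapVerificationError(
            f"digest mismatch: expected {expected_sha256}, got {actual}")
    return data


def fetch_bootstrap(url: str, expected_sha256: str, opener=None) -> bytes:
    """Fetch `url` over HTTPS with chain and hostname validation, then pin-check.

    `opener(url) -> bytes` is an assumed hook so the flow can run offline;
    when it is None the real network path with a default SSL context is used.
    """
    if not url.startswith("https://"):
        # Plain HTTP would let any on-path party substitute the script.
        raise BootstrapVerificationError("refusing non-HTTPS bootstrap URL")
    if opener is None:
        ctx = ssl.create_default_context()  # verifies certificate and hostname
        with urllib.request.urlopen(url, context=ctx, timeout=30) as resp:
            data = resp.read()
    else:
        data = opener(url)
    return verify_bootstrap(data, expected_sha256)


def demo() -> dict:
    """Offline walk-through on constructed input; no network is touched."""
    # Constructed stand-in for a reviewed bootstrap script.
    good = b"#!/usr/bin/env python\nprint('bootstrap')\n"
    pin = sha256_hex(good)  # the value an operator records after review
    results = {"good_ok": verify_bootstrap(good, pin) == good}

    # Same file with an injected command: rejected by the pin.
    tampered = good.replace(b"print('bootstrap')", b"import os; os.system('id')")
    try:
        verify_bootstrap(tampered, pin)
        results["tampered_rejected"] = False
    except BootstrapVerificationError:
        results["tampered_rejected"] = True

    # A look-alike name served over perfectly valid TLS still fails the pin.
    def lookalike_opener(url: str) -> bytes:
        return b"# distirbute_setup.py\n" + good

    try:
        fetch_bootstrap("https://example.invalid/distirbute_setup.py", pin,
                        opener=lookalike_opener)
        results["lookalike_rejected"] = False
    except BootstrapVerificationError:
        results["lookalike_rejected"] = True

    # Downgrade to http:// is refused before any bytes are read.
    try:
        fetch_bootstrap("http://example.invalid/bootstrap.py", pin,
                        opener=lambda url: good)
        results["http_refused"] = False
    except BootstrapVerificationError:
        results["http_refused"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The pin has to come from somewhere the attacker does not control, typically the consuming project's own repository, which is the same trust boundary buildout already relies on for its hardcoded URLs; the digest then needs updating whenever the bootstrap script legitimately changes, which is the cost the thread's "how often do the bootstrap files change" question is really asking about.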

Re: [Catalog-sig] Mandatory Reset of PyPI Passwords

2013-02-14 Thread Martin v. Löwis
Besides, keep in mind that many people will never explicitly login into PyPI, they simply use "setup.py upload". As someone mentioned, their account might be tied to an e-mail that isn't even valid anymore. I was planning to perform regular email verification for all users of PyPI (starting wit

Re: [Catalog-sig] RubyGems Threat Model and Requirements

2013-02-14 Thread Giovanni Bajo
Il giorno 14/feb/2013, alle ore 12:00, Ronald Oussoren ha scritto: > > On 14 Feb, 2013, at 11:25, Nick Coghlan wrote: > >> On Thu, Feb 14, 2013 at 6:46 PM, Ronald Oussoren >> wrote: >>> >>> On 13 Feb, 2013, at 15:21, Nick Coghlan wrote: For now, though, we would probably

Re: [Catalog-sig] RubyGems Threat Model and Requirements

2013-02-14 Thread Ronald Oussoren
On 14 Feb, 2013, at 11:25, Nick Coghlan wrote: > On Thu, Feb 14, 2013 at 6:46 PM, Ronald Oussoren > wrote: >> >> On 13 Feb, 2013, at 15:21, Nick Coghlan wrote: >>> >>> >>> For now, though, we would probably start off with >>> release/target/timestamp roles sharing a key, all threshold valu

Re: [Catalog-sig] Mandatory Reset of PyPI Passwords

2013-02-14 Thread M.-A. Lemburg
On 14.02.2013 00:17, Richard Jones wrote: > On 13 February 2013 22:32, Giovanni Bajo wrote: >> Il giorno 13/feb/2013, alle ore 12:14, Richard Jones ha >> scritto: >>> >>> 2. fix the email password reset debacle (mostly written, not tested), >> >> Is this committed anywhere I can take a look? >

Re: [Catalog-sig] RubyGems Threat Model and Requirements

2013-02-14 Thread Nick Coghlan
On Thu, Feb 14, 2013 at 6:46 PM, Ronald Oussoren wrote: > > On 13 Feb, 2013, at 15:21, Nick Coghlan wrote: >> >> >> For now, though, we would probably start off with >> release/target/timestamp roles sharing a key, all threshold values set >> to 1, and just doing simple project based target deleg

Re: [Catalog-sig] RubyGems Threat Model and Requirements

2013-02-14 Thread Ronald Oussoren
On 13 Feb, 2013, at 15:21, Nick Coghlan wrote: > > > For now, though, we would probably start off with > release/target/timestamp roles sharing a key, all threshold values set > to 1, and just doing simple project based target delegation to user > keys. Given the existing GPG infrastructure, I'