Package: lintian4python Version: 0.23.2 Severity: wishlist Possible description: The watch file is pointing at PyPI, using a http URL, not https. PyPI now has https enabled, you should be able to simply switch to https.
PyPI has been https-enabled for some time now, and has recently started pushing hard for everyone to use https only. While it supports PGP-signed uploads, the majority of packages aren't signed, and it'd best for our maintainers to use https when downloading new upstream releases. The PyPI maintainers are encouraging everyone to use https everywhere: http://mechanicalcat.net/richard/log/Python/PyPI_password_related_security_changes SR -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org