Re: [Distutils] Disabling non HTTPS access to APIs on PyPI

2017-10-31 Thread Alex Domoradov
Yes, I know that. But unfortunately it's a legacy, so there is no way :( I have resolved my issue with the following line in Dockerfile RUN echo "[easy_install]\n\nindex-url = https://pypi.python.org/simple/; > ~/.pydistutils.cfg On Mon, Oct 30, 2017 at 3:21 PM, Marius Gedminas

Re: [Distutils] Disabling non HTTPS access to APIs on PyPI

2017-10-31 Thread Marius Gedminas
On Sat, Oct 28, 2017 at 12:22:32AM +0300, Alex Domoradov wrote: > I got it. And what I should do with old system? For e.g. we still use ubuntu > 12.04. Is there any way to upgrade pip/setuptools? If you're using Ubuntu 12.04, then presumably you're paying Canoncial for extended support, so ask

Re: [Distutils] Disabling non HTTPS access to APIs on PyPI

2017-10-27 Thread Wes Turner
- Are there issue tickets which contain the search-indexed ERROR_STRINGS users may encounter due to this change? - Does it make sense to add an update regarding this necessary security upgrade to https://status.python.org (which can be subscribed to and followed on

Re: [Distutils] Disabling non HTTPS access to APIs on PyPI

2017-10-27 Thread Wes Turner
On Friday, October 27, 2017, Paul Moore wrote: > On 27 October 2017 at 22:22, Alex Domoradov > wrote: > > I got it. And what I should do with old system? For e.g. we still use > ubuntu > > 12.04. Is there any way to upgrade pip/setuptools?

Re: [Distutils] Disabling non HTTPS access to APIs on PyPI

2017-10-27 Thread Alex Domoradov
I got it. And what I should do with old system? For e.g. we still use ubuntu 12.04. Is there any way to upgrade pip/setuptools? On Fri, Oct 27, 2017 at 11:17 PM, Paul Moore wrote: > On 27 October 2017 at 21:05, Leonardo Rochael Almeida > wrote: > > By

Re: [Distutils] Disabling non HTTPS access to APIs on PyPI

2017-10-27 Thread Paul Moore
On 27 October 2017 at 22:22, Alex Domoradov wrote: > I got it. And what I should do with old system? For e.g. we still use ubuntu > 12.04. Is there any way to upgrade pip/setuptools? Well, if Ubuntu aren't offering an upgrade, you can do pip install -i

Re: [Distutils] Disabling non HTTPS access to APIs on PyPI

2017-10-27 Thread Paul Moore
On 27 October 2017 at 21:05, Leonardo Rochael Almeida wrote: > By the way, some pages on pypi itself are pointing to http: > > See, e.g. the "Download URL:" link here: > > https://pypi.python.org/pypi/google-appengine That's the project itself doing that, I believe (it's

Re: [Distutils] Disabling non HTTPS access to APIs on PyPI

2017-10-27 Thread Leonardo Rochael Almeida
By the way, some pages on pypi itself are pointing to http: See, e.g. the "Download URL:" link here: https://pypi.python.org/pypi/google-appengine On 27 October 2017 at 17:22, Nathaniel Smith wrote: > On Oct 27, 2017 11:49, "Alex Domoradov" wrote: > > RUN

Re: [Distutils] Disabling non HTTPS access to APIs on PyPI

2017-10-27 Thread Nathaniel Smith
On Oct 27, 2017 11:49, "Alex Domoradov" wrote: RUN pip install --upgrade pip Try upgrading setuptools here too. -n ___ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig

[Distutils] Disabling non HTTPS access to APIs on PyPI

2017-10-27 Thread Alex Domoradov
> This will probably (unfortunately) break some things for some people, > which is worrying. But it is the right thing to do and good advice in > general. Did I miss something, but I can't install some package. I use docker and get the following $ cat Dockerfile FROM ubuntu:16.04 RUN apt-get

Re: [Distutils] Disabling non HTTPS access to APIs on PyPI

2017-10-27 Thread Alex Walters
> -Original Message- > From: Distutils-SIG [mailto:distutils-sig-bounces+tritium- > list=sdamon@python.org] On Behalf Of Erik Bray > Sent: Friday, October 27, 2017 11:16 AM > To: Distutils <distutils-sig@python.org> > Subject: Re: [Distutils] Disabling

Re: [Distutils] Disabling non HTTPS access to APIs on PyPI

2017-10-27 Thread Erik Bray
On Thu, Oct 26, 2017 at 5:11 PM, Donald Stufft wrote: > Historically PyPI was only available over either HTTP or unvalidated HTTPS, > and over time we’ve been pushing more and more traffic onto HTTPS. In > Warehouse the decision was made to *not* redirect “API” URLs from HTTP to

Re: [Distutils] Disabling non HTTPS access to APIs on PyPI

2017-10-26 Thread Nate Coraor
Heads up to anyone running pypiserver, this breaks the default redirection from pypiserver to PyPI. There's an open issue[1] to fix it. In the meantime, you can use the pypiserver option `--fallback-url https://pypi.python.org/simple/` to work around it. --nate [1]

[Distutils] Disabling non HTTPS access to APIs on PyPI

2017-10-26 Thread Donald Stufft
Historically PyPI was only available over either HTTP or unvalidated HTTPS, and over time we’ve been pushing more and more traffic onto HTTPS. In Warehouse the decision was made to *not* redirect “API” URLs from HTTP to HTTPS, but to rather return an error accessing them from HTTP. This is