[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2017-06-07 Thread Maciej Szulik
Maciej Szulik added the comment: We're currently working with Mark to migrate bpo to a different server. I'll make sure this is fixed along the way. -- nosy: +maciej.szulik ___ PSF Meta Tracker

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2017-04-25 Thread Nick Coghlan
Nick Coghlan added the comment: I've added Mark Mangoba (the PSF's Infrastructure Manager) to the nosy list, as the meta-tracker should also be moved to a PSF controlled domain now that bugs.python.org itself has been moved to be directly under PSF management rather than being managed by

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2017-04-13 Thread Mariatta
Mariatta added the comment: What do we need to move this forward? I would like the bug tracker to always be in https. -- nosy: +Mariatta ___ PSF Meta Tracker

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2017-01-24 Thread INADA Naoki
INADA Naoki added the comment: https://www.mozilla.org/en-US/firefox/51.0/releasenotes/ > A warning is displayed when a login page does not have a secure connection I think we should follow "always use HTTPS" trends. -- nosy: +inada.naoki

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2013-09-27 Thread anatoly techtonik
anatoly techtonik added the comment: I don't use unique password and I believe the next competition organized by some not-well known hacker group may include some Python services just to measure the impact. I don't see any other way to raise the importance of such issues other than

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2012-05-29 Thread R David Murray
R David Murray rdmur...@bitdance.com added the comment: I use unique passwords for all services for exactly this reason so I, for one, am not worried. -- nosy: +r.david.murray ___ PSF Meta Tracker metatrac...@psf.upfronthosting.co.za

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2012-05-25 Thread Martin v . Löwis
Martin v. Löwis mar...@v.loewis.de added the comment: The risk isn't really high. Just chose a password that you don't use anywhere else, and the threat of somebody stealing it can be safely ignored. Somebody might be posting in your name, but that doesn't scare me at all. -- nosy:

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2012-05-25 Thread anatoly techtonik
anatoly techtonik techto...@gmail.com added the comment: I will be interested to know how many developers are using the same password for all *.python.org services. Can you run a hash compare check to see that the risk is really not that high? -- priority: wish - critical

[Tracker-discuss] [issue463] HTTPS only version for login for this tracker

2012-05-21 Thread anatoly techtonik
New submission from anatoly techtonik techto...@gmail.com: I often use unencrypted public WiFi networks and logging in to this tracker (which doesn't have any OAuth2 interface) imposes a high security risk. I propose to make login secure. -- messages: 2505 nosy: techtonik priority: