Maciej Szulik added the comment:
We're currently working with Mark to migrate bpo to a different server. I'll
make sure this is fixed along the way.
--
nosy: +maciej.szulik
___
PSF Meta Tracker
Nick Coghlan added the comment:
I've added Mark Mangoba (the PSF's Infrastructure Manager) to the nosy list, as
the meta-tracker should also be moved to a PSF controlled domain now that
bugs.python.org itself has been moved to be directly under PSF management
rather than being managed by
Mariatta added the comment:
What do we need to move this forward? I would like the bug tracker to always be
in https.
--
nosy: +Mariatta
___
PSF Meta Tracker
INADA Naoki added the comment:
https://www.mozilla.org/en-US/firefox/51.0/releasenotes/
> A warning is displayed when a login page does not have a secure connection
I think we should follow "always use HTTPS" trends.
--
nosy: +inada.naoki
anatoly techtonik added the comment:
I don't use unique password and I believe the next competition organized by
some not-well known hacker group may include some Python services just to
measure the impact. I don't see any other way to raise the importance of such
issues other than
R David Murray rdmur...@bitdance.com added the comment:
I use unique passwords for all services for exactly this reason so I, for one,
am not worried.
--
nosy: +r.david.murray
___
PSF Meta Tracker metatrac...@psf.upfronthosting.co.za
Martin v. Löwis mar...@v.loewis.de added the comment:
The risk isn't really high. Just chose a password that you don't use anywhere
else, and the threat of somebody stealing it can be safely ignored. Somebody
might be posting in your name, but that doesn't scare me at all.
--
nosy:
anatoly techtonik techto...@gmail.com added the comment:
I will be interested to know how many developers are using the same password
for all *.python.org services. Can you run a hash compare check to see that the
risk is really not that high?
--
priority: wish - critical
New submission from anatoly techtonik techto...@gmail.com:
I often use unencrypted public WiFi networks and logging in to this tracker
(which doesn't have any OAuth2 interface) imposes a high security risk. I
propose to make login secure.
--
messages: 2505
nosy: techtonik
priority: