Issue 12357: Python dist modifications for secure PyPI uploads

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/56566

classification

Title:	Python dist modifications for secure PyPI uploads
Type:	security	Stage:	resolved
Components:	Distutils, Distutils2, Installation	Versions:	Python 3.2, Python 2.7, Python 2.6

process

Status:	closed	Resolution:	duplicate
Dependencies:		Superseder:	use HTTPS by default for uploading packages to pypi View: 12226
Assigned To:	tarek	Nosy List:	alexis, eric.araujo, r.david.murray, tarek, techtonik
Priority:	normal	Keywords:

Created on 2011-06-18 09:25 by techtonik, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Messages (7)
msg138576 - (view)	Author: anatoly techtonik (techtonik)	Date: 2011-06-18 09:25
This is the master ticket to support secure uploads of Python packages to PyPI servers using standard Python distribution. Please, add issue12226 as a first child.
msg138579 - (view)	Author: anatoly techtonik (techtonik)	Date: 2011-06-18 09:56
..and issue12358 as a second.
msg138600 - (view)	Author: Éric Araujo (eric.araujo) *	Date: 2011-06-18 20:54
See #12358 for why I think we don’t need three reports for this.
msg138613 - (view)	Author: anatoly techtonik (techtonik)	Date: 2011-06-18 21:57
Why don't you want to wait for the third opinion before judging tickets on your own. Do you understand that this creates a conflict?
msg138614 - (view)	Author: anatoly techtonik (techtonik)	Date: 2011-06-18 21:57
See the same issue12358 for the opposite arguments.
msg138615 - (view)	Author: Éric Araujo (eric.araujo) *	Date: 2011-06-18 22:02
Stefan Krah, Fred L. Drake and Antoine Pitrou agreed with me.
msg138616 - (view)	Author: R. David Murray (r.david.murray) *	Date: 2011-06-18 22:34
Furthermore, Éric is the one who is going to commit the patch, and therefore these tracker issues should be organized to provide him with maximum productivity. If he thinks this should be closed, then it should be closed. If you wish to continue to argue that the change to https should be made without validation, then you can argue it on the other ticket and/or python-dev.

History
Date	User	Action	Args
2022-04-11 14:57:18	admin	set	github: 56566
2011-06-18 22:34:13	r.david.murray	set	status: open -> closed nosy: + r.david.murray messages: + msg138616
2011-06-18 22:02:30	eric.araujo	set	messages: + msg138615
2011-06-18 21:57:57	techtonik	set	messages: + msg138614
2011-06-18 21:57:24	techtonik	set	status: closed -> open messages: + msg138613
2011-06-18 20:54:59	eric.araujo	set	status: open -> closed superseder: use HTTPS by default for uploading packages to pypi messages: + msg138600 dependencies: - use HTTPS by default for uploading packages to pypi, validate server certificate when uploading packages to PyPI resolution: duplicate stage: resolved
2011-06-18 20:52:38	eric.araujo	set	dependencies: + use HTTPS by default for uploading packages to pypi, validate server certificate when uploading packages to PyPI
2011-06-18 09:56:46	techtonik	set	messages: + msg138579
2011-06-18 09:25:34	techtonik	create