classification
Title: Python dist modifications for secure PyPI uploads
Type: security Stage: resolved
Components: Distutils, Distutils2, Installation Versions: Python 3.2, Python 2.7, Python 2.6
process
Status: closed Resolution: duplicate
Dependencies: Superseder: use HTTPS by default for uploading packages to pypi
View: 12226
Assigned To: tarek Nosy List: alexis, eric.araujo, r.david.murray, tarek, techtonik
Priority: normal Keywords:

Created on 2011-06-18 09:25 by techtonik, last changed 2011-06-18 22:34 by r.david.murray. This issue is now closed.

Messages (7)
msg138576 - (view) Author: anatoly techtonik (techtonik) Date: 2011-06-18 09:25
This is the master ticket to support secure uploads of Python packages to PyPI servers using standard Python distribution.

Please, add issue12226 as a first child.
msg138579 - (view) Author: anatoly techtonik (techtonik) Date: 2011-06-18 09:56
..and issue12358 as a second.
msg138600 - (view) Author: Éric Araujo (eric.araujo) * (Python committer) Date: 2011-06-18 20:54
See #12358 for why I think we don’t need three reports for this.
msg138613 - (view) Author: anatoly techtonik (techtonik) Date: 2011-06-18 21:57
Why don't you want to wait for the third opinion before judging tickets on your own. Do you understand that this creates a conflict?
msg138614 - (view) Author: anatoly techtonik (techtonik) Date: 2011-06-18 21:57
See the same issue12358 for the opposite arguments.
msg138615 - (view) Author: Éric Araujo (eric.araujo) * (Python committer) Date: 2011-06-18 22:02
Stefan Krah, Fred L. Drake and Antoine Pitrou agreed with me.
msg138616 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2011-06-18 22:34
Furthermore, Éric is the one who is going to commit the patch, and therefore these tracker issues should be organized to provide him with maximum productivity.  If he thinks this should be closed, then it should be closed.

If you wish to continue to argue that the change to https should be made without validation, then you can argue it on the other ticket and/or python-dev.
History
Date User Action Args
2011-06-18 22:34:13r.david.murraysetstatus: open -> closed
nosy: + r.david.murray
messages: + msg138616

2011-06-18 22:02:30eric.araujosetmessages: + msg138615
2011-06-18 21:57:57techtoniksetmessages: + msg138614
2011-06-18 21:57:24techtoniksetstatus: closed -> open

messages: + msg138613
2011-06-18 20:54:59eric.araujosetstatus: open -> closed
superseder: use HTTPS by default for uploading packages to pypi
messages: + msg138600

dependencies: - use HTTPS by default for uploading packages to pypi, validate server certificate when uploading packages to PyPI
resolution: duplicate
stage: resolved
2011-06-18 20:52:38eric.araujosetdependencies: + use HTTPS by default for uploading packages to pypi, validate server certificate when uploading packages to PyPI
2011-06-18 09:56:46techtoniksetmessages: + msg138579
2011-06-18 09:25:34techtonikcreate