pypi / tools / pw_reset_mailout.py

import sys
import csv
import time
import smtplib

import store
import config


def main():
    c = config.Config('/data/pypi/config.ini')
    if len(sys.argv) != 2:
        st = store.Store(c)
        st.open()
        w = csv.writer(sys.stdout)
        for user in st.get_users():
            w.writerow((user['name'], user['email']))
    else:
        with open(sys.argv[1]) as f:
            for name, email in csv.reader(f):
                message = TEXT.format(name=name, email=email)
                # send email
                s = smtplib.SMTP()
                s.connect('localhost')
                s.sendmail('richard@python.org', [email], message)
                s.close()
                time.sleep(.1)

TEXT = '''From: richard@python.org
To: {email}
Subject: PyPI security notice


TL;DR: please log into PyPI and change your password.

Dear PyPI user {name},

Recently we have been auditing and improving security of the Python Package
Index (PyPI) and other python.org hosts.

You may be aware that the wiki.python.org host was compromised. Since we must
assume that all passwords stored in that system are also compromised, and we
also assume that some users share passwords between python.org systems, we are
performing a password reset of all PyPI accounts in one week's time, at
2013-02-21 00:00 UTC.

If you log in before that deadline and change your password then you'll be
fine, otherwise you'll need to use the password recovery form after the reset
has occurred.

Additionally, we would ask you to begin to access PyPI using HTTPS through the
web. We're in the process of installing a new SSL certificate so the current
Big Red Certificate Warning should go away very soon.

We are in the process of updating the Python packaging toolset to use HTTPS.

These steps are but a couple of those we're intending to take to better secure
PyPI. If you are interested in these matters I encourage you to participate in
the discussion on the catalog SIG:

http://mail.python.org/mailman/listinfo/catalog-sig


    Richard Jones
    richard@python.org
    PyPI Maintainer
'''

if __name__ == '__main__':
    main()
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.