distribute_setup.py should use https, not http, to access pypi

Pierre Carbonnelle avatarPierre Carbonnelle created an issue

A security vulnerability of PyPI was exposed on reddit a couple of weeks ago, and appropriate actions are taken on pip to use https to access PyPI. Developers there are also concerned with distribute

I see that distribute_setup.py pulls data via http: DEFAULT_URL = "http://pypi.python.org/packages/source/d/distribute/"

This vulnerability should be fixed. There may be others in distribute.

This should be corrected ASAP.

Comments (2)

  1. Log in to comment
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.