Issue #354 new should use https, not http, to access pypi

Pierre Carbonnelle
created an issue

A security vulnerability of PyPI was exposed on reddit a couple of weeks ago, and appropriate actions are taken on pip to use https to access PyPI. Developers there are also concerned with distribute

I see that pulls data via http: DEFAULT_URL = ""

This vulnerability should be fixed. There may be others in distribute.

This should be corrected ASAP.

Comments (2)

  1. Log in to comment