distribute_setup.py should use https, not http, to access pypi

Issue #354 new
Pierre Carbonnelle
created an issue

A security vulnerability of PyPI was exposed on reddit a couple of weeks ago, and appropriate actions are taken on pip to use https to access PyPI. Developers there are also concerned with distribute

I see that distribute_setup.py pulls data via http:
DEFAULT_URL = "http://pypi.python.org/packages/source/d/distribute/"

This vulnerability should be fixed. There may be others in distribute.

This should be corrected ASAP.

Comments (2)

  1. Log in to comment