[Distutils] PEP453 - Explicit bootstrapping of pip in Pythoninstallations
Nick Coghlan
ncoghlan at gmail.com
Wed Sep 4 12:54:29 CEST 2013
On 4 September 2013 09:55, Justin Cappos <jcappos at poly.edu> wrote:
> We have integrated PyCrypto into TUF and are planning to distribute binaries
> for it along with TUF so that TUF will work smoothly on Windows, Linux, Mac,
> etc.
>
> We will have a demo that shows TUF integration into pip later this week.
> It will have a bunch of example tests you can run that show how pip can be
> hacked (some of which will work even if GPG signature verification was
> implemented), but that TUF blocks.
Great to hear! (uh, well, sort of... this whole "everything is broken,
but we have ways to possibly make it less broken in the future" thing
really needs some more appropriate adjectives...)
> More to come!
> Justin
> P.S. Should we make the unofficial TUF motto "more secure than it used to
> be"? :)
Heh, it's certainly one of the best ways I know to remind myself there
needs to be an appropriate balance between security, backwards
compatibility and usability :)
Cheers,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
More information about the Distutils-SIG
mailing list