[issue9995] "setup.py register sdist upload" requires pass to be saved
anatoly techtonik
report at bugs.python.org
Tue Nov 9 17:14:54 CET 2010
anatoly techtonik <techtonik at gmail.com> added the comment:
Eric, interested parties will not fill CVE or DSA requests. They will just steal the pass of PyPI uploaders and use it to inject malicious code into popular packages.
If you need a CVE or DSA to evaluate if an issue imposes a security risk, then better leave this task to somebody else.
----------
type: behavior -> security
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue9995>
_______________________________________
More information about the Python-bugs-list
mailing list