Dowloading package dependencies from locked down machine
Mats Wichmann
mats at wichmann.us
Tue Jul 28 12:56:28 EDT 2020
On 7/27/20 7:33 PM, Igor Korot wrote:
> Hi,
>> The issue is that the IT department thinks that installing the full
>> power of Python scripting on an Internet facing machine is inconsistent
>> with the "Cyber Essentials Plus" accreditiation that they need to win
>> Government contracts.
> Coming from experience working with the Government Contractor first hand,
> they have to have an approved list of software people can work with.
>
> Ask to provide that list.
> Now such a list is provided by the Security Office and it does not
> come from the IT department.
>
> You can actually go and check this list yourself. Check with your company
> FSO.
>
> I can assure you python will definitely be on that list.
> Its possible that some python modules may not be there but the
> language/interpreter will.
US Government entities use Python extensively. *Some* are forced to use
a special "restricted" version of Python, the mythical FIPS-Compliant
version, that removes your ability to use a few things, notably the md5
hash because it's been deemed "insecure" (even if you're not using it
for cryptographic purposes, it's just banned).
More information about the Python-list
mailing list