PackMan security (was: [Pythonmac-SIG] FAQ item)
Jack Jansen
Jack.Jansen at cwi.nl
Tue Jul 29 23:17:59 EDT 2003
On Tuesday, Jul 29, 2003, at 21:29 Europe/Amsterdam, Bob Ippolito wrote:
> I'd also like to mention that there are some pretty *serious security
> flaws* with the current way Package Manager works that should be
> higher priority than making it pretty. We need to start a new thread
> discussing this.. is this the proper SIG for it?
I'm not sure what the right place to discuss this is. Let's keep it
here, for now.
I plan to do a PEP later, but as PackMan solves a real problem I didn't
want to get bogged down by zillions of people all trying to bend PackMan
to their own needs until 2.3 was out.
Let's hear about the security flaws. The only one I'm aware of is that
the URL that is built in to packman isn't secure HTTP. From that point on
I was under the impression that everything was secure. Or, "secure", let
me rephrase that: there is only one person you put your trust in, and
that is the person who created the database.
--
- Jack Jansen <Jack.Jansen at oratrix.com>
http://www.cwi.nl/~jack -
- If I can't dance I don't want to be part of your revolution -- Emma Goldman -