[Catalog-sig] Proposal: close the PyPI file-replacement loophole
Yuval Greenfield
ubershmekel at gmail.com
Wed Feb 1 08:12:28 CET 2012
+1 on removing this security loophole in any of the ways suggested here.

P.S. I don't think it's "uploaders" vs "downloaders" utility as I'm pretty
sure the uploaders download from PyPI as well. And even if it was so,
boosting the trustworthiness of PyPI is a win for both sides.