[Catalog-sig] Proposal: close the PyPI file-replacement loophole

Donald Stufft donald.stufft at gmail.com
Mon Jan 30 22:01:51 CET 2012


Writing good software and having a good release process don't always go hand in hand. Additionally, prior to using a bit of software I can review it and test it. That is not the case when the author can replace the file(s) that I reviewed at any time, for any reason he pleases.

On Monday, January 30, 2012 at 3:07 PM, M.-A. Lemburg wrote:

> A little off-topic, but I always find it strange that some users of PyPI
> appear to trust package authors with the software they put up on PyPI,
> but don't trust them when it comes to the release process.
> Very strange indeed...
> 
> -- 
> Marc-Andre Lemburg
> eGenix.com (http://eGenix.com)

