[Catalog-sig] Allowing the upload of .py files at PyPI

Jim Fulton jim at zope.com
Thu Feb 14 23:20:58 CET 2013


On Thu, Feb 14, 2013 at 5:10 PM, Nick Coghlan <ncoghlan at gmail.com> wrote:
...
> I'm more concerned about phishing style attacks. I don't want the PyPI
> admins to have to start scanning for hostile names like "distirbute".

Isn't this an issue for regular distributions too?

>
> So how often do the bootstrap files change?
>
> If relatively frequently, I would prefer this to be a project-specific
> privilege granted by the PyPI admins (at least for now).
>
> If rarely, then I'd be happy enough if the update process required PyPI
> admin involvement (the project whitelist is probably a better idea, though).

+1

Jim

-- 
Jim Fulton
http://www.linkedin.com/in/jimfulton
Jerky is better than bacon! http://zo.pe/Kqm

