[pydotorg-www] project plan
A.M. Kuchling
amk at amk.ca
Mon Apr 19 16:41:32 CEST 2010
On Mon, Apr 19, 2010 at 09:28:55AM -0400, Richard Leland wrote:
> In these
> docs I've outlined a plan that includes goals and research needed.
A suggested additional goal: security, especially of the Python source
code and the tarballs on PyPI.
https://blogs.apache.org/infra/entry/apache_org_04_09_2010 describes a
recent attack on apache.org in detail. The attack seems to have been
targeted at ASF specifically, though the motivation is unknown
(trojaning code releases or SVN repositories? getting passwords of
developer who work for companies of interest). Considering the number
of people who complain that when PyPI is down, they can't build
things, I think a fair number of build/installation processes download
things from PyPI and install them, so we could find PSF servers the
target of a similar attack.
--amk
More information about the pydotorg-www
mailing list