On May 8, 2014, at 10:11 AM, R. David Murray wrote:

> On Thu, 08 May 2014 09:58:08 -0400, Donald Stufft wrote:
>> I don't think the warning is FUD, and it doesn't mention anything security related at all. The exact text of the warning is in the subject of the email here:
>>
>> cdecimal an externally hosted file and may be unreliable
>>
>> Which is true as far as I can tell, it is externally hosted, and it may be unreliable[1]. If there is a better wording for that I’m happy to have it and will gladly commit it myself to pip.
>>
>> [1] In my experience dealing with complaints of pip's users, one of their big ones was that some dependency they use was, typically unknown to them, hosted externally and they found out it was hosted externally because the server it was hosted on went down.
>
> "unreliable" reads as "not safe", ie: insecure.
>
> You probably want something like "and access to it may be unreliable".
>
> --David

Done: https://github.com/pypa/pip/commit/69bf7067

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA