04.11.18 17:00, Julien Palard via Python-Dev пише:
> Considering feedback from Ned, what about building this as an independent service? We don't really need to interface with python.org at all, we just need some hardware, a domain, some code to interface with github API and... to start it's probably enough? It would be a usefull POC.
This will just move risks to this service.
Ned mentioned potential abuse. We will host unchecked content. Malicious
user can create a PR which replaces Python documentation with malicious
content.
The Doc/ directory includes Python scripts and Makefile which are used
for building documentation. Malicious user can use this for executing
arbitrary code on our server.
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: https://mail.python.org/mailman/options/python-dev/mariatta%40python.org