On Thu, 08 May 2014 09:58:08 -0400, Donald Stufft email@example.com wrote:
I don't think the warning is FUD, and it doesn't mention anything security related at all. The exact text of the warning is in the subject of the email here:
cdecimal an externally hosted file and may be unreliable
Which is true as far as I can tell, it is externally hosted, and it may be unreliable. If there is a better wording for that I’m happy to have it and will gladly commit it myself to pip.
 In my experience dealing with complaints of pip's users, one of their big ones was that some dependency they use was, typically unknown to them, hosted externally and they found out it was hosted externally because the server it was hosted on went down.
"unreliable" reads as "not safe", ie: insecure.
You probably want something like "and access to it may be unreliable".