[Catalog-sig] repository security concerns

[David Ascher]

> one of my biggest concerns with a python-repository is
> dealing with security, as the repository is enabling
> of a framework of automatic installation of software
> and will also tend to serve as a primary source of
> python packages for manual installations.

This appears to be a non-issue in the Perl world.  CPAN is a simple FTP
repository, and yet it works.  Installing modules from CPAN is a
one-liner in Perl.
  
My recommendation is to worry about security later, when you have
critical mass.  Any stringent security measure you impose now will
dramatically impact your level of acceptance.  Keep in mind that doing
SSH'ish things on Windows is much too hard for most people.

It's relatively easy to add a "seal of approval" by a few "authorities"
post-hoc for those users concerned w/ security.

my 2c.

--david