[Catalog-sig] [PSF-Board] Troubled by changes to PyPI usage agreement

"Martin v. Löwis" martin at v.loewis.de
Wed Jan 20 23:40:48 CET 2010

> Of course, there's also a human dimension : we suppose that the people
> running the mirror are people we can trust because they can
> technically do malicious things in the mirror since we don't really
> have any real protection (*yet*).

That's not true: users of mirrors can verify that the mirrors are
authentic. Neither can malicious operators modify the contents of
their mirrors without clients noticing, nor can careless mirror
operators threaten the integrity of a mirror even assuming somebody
breaks into the mirror.


More information about the Catalog-SIG mailing list