[Catalog-sig] Proposal: close the PyPI file-replacement loophole

Chris Withers chris at simplistix.co.uk
Wed Feb 1 09:36:01 CET 2012


On 01/02/2012 07:12, Yuval Greenfield wrote:
> +1 on removing this security loophole in any of the ways suggested here.

Good grief, it's not a "security loophole".

If you actually cared about security, you'd already be using, recording 
and checking the MD5 checksums provided with each download and would 
already know that this isn't a security loophole.

If you're not, then quit with the security theater.

cheers,

Chris

-- 
Simplistix - Content Management, Batch Processing & Python Consulting
             - http://www.simplistix.co.uk
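
The record-and-check routine the message refers to, as an added example that is not part of the original post or of any PyPI tooling. It assumes the download link carries its checksum as a `#md5=<hex>` URL fragment; the host `index.example`, the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit, unquote

ALLOWED = ("md5", "sha256")  # assumption: algorithms accepted in the link fragment

def split_link(url):
    """Return (filename, algo, hexdigest) from .../pkg-1.0.tar.gz#md5=<hex>."""
    parts = urlsplit(url)
    filename = unquote(parts.path.rsplit("/", 1)[-1])
    algo, sep, digest = parts.fragment.partition("=")
    if not sep or algo not in ALLOWED:
        raise ValueError("link carries no usable checksum fragment")
    return filename, algo, digest.lower()

def check_download(pins, url, data):
    """Check data against the advertised checksum, then against the recorded one.

    pins maps filename -> "algo:hexdigest" and is filled in on first sight.
    Returns "mismatch" (bytes differ from what the index advertises),
    "recorded" (first download), "ok", or "replaced" (same filename,
    different content than the one recorded earlier).
    """
    filename, algo, advertised = split_link(url)
    actual = hashlib.new(algo, data).hexdigest()
    if not hmac.compare_digest(actual, advertised):
        return "mismatch"
    pinned = pins.get(filename)
    if pinned is None:
        pins[filename] = f"{algo}:{actual}"
        return "recorded"
    # Recompute with the pinned algorithm in case the index changed algorithms.
    pinned_algo, _, pinned_digest = pinned.partition(":")
    current = hashlib.new(pinned_algo, data).hexdigest()
    return "ok" if hmac.compare_digest(current, pinned_digest) else "replaced"

if __name__ == "__main__":
    pins = {}  # in practice this would be persisted alongside the build config
    v1 = b"constructed sdist bytes, first upload"
    v2 = b"constructed sdist bytes, re-uploaded under the same name"
    base = "https://index.example/packages/demo-1.0.tar.gz#md5="
    for blob in (v1, v1, v2):
        print(check_download(pins, base + hashlib.md5(blob).hexdigest(), blob))
```

A replaced file arrives with a matching advertised checksum, so only the comparison against the locally recorded value reports it.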

