[Catalog-sig] Proposal: close the PyPI file-replacement loophole
chris at simplistix.co.uk
Wed Feb 1 09:36:01 CET 2012
On 01/02/2012 07:12, Yuval Greenfield wrote:
> +1 on removing this security loophole in any of the ways suggested here.

Good grief, it's not a "security loophole".

If you actually cared about security, you'd already be using, recording
and checking the MD5 checksums provided with each download and would
already know that this isn't a security loophole.

If you're not, then quit with the security theater.

Simplistix - Content Management, Batch Processing & Python Consulting
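
The practice the message refers to (recording the checksum provided with each download and checking it on later downloads), as an added example that is not part of the original message or of any PyPI tooling. The function names and the JSON record file are hypothetical, and MD5 is the default only because it is the checksum the message names.

```python
import hashlib
import json
from pathlib import Path


def file_digest(path, algorithm="md5"):
    """Hash a file in chunks so large archives need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_download(path, published, record_file, algorithm="md5"):
    """Check one downloaded file against the published and the recorded checksum.

    published   -- checksum the index provided with this download (hex string)
    record_file -- hypothetical local JSON file mapping filename -> checksum

    Returns one of:
      "bad-download" -- file does not match the checksum served with it
      "recorded"     -- filename seen for the first time, checksum stored
      "match"        -- same filename, same checksum as recorded earlier
      "replaced"     -- same filename, different checksum than recorded
    """
    digest = file_digest(path, algorithm)
    if digest != published.strip().lower():
        return "bad-download"

    record_file = Path(record_file)
    records = json.loads(record_file.read_text()) if record_file.exists() else {}
    name = Path(path).name
    known = records.get(name)

    if known is None:
        # First sighting: remember what this filename hashed to.
        records[name] = digest
        record_file.write_text(json.dumps(records, indent=2, sort_keys=True))
        return "recorded"

    # The published checksum changes along with a replaced file, so only the
    # locally recorded value can show that the content behind a name changed.
    # The original record is kept, not overwritten, so the alert repeats.
    return "match" if known == digest else "replaced"
```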