[Catalog-sig] Proposal: close the PyPI file-replacement loophole
ubershmekel at gmail.com
Mon Jan 30 11:46:26 CET 2012
On Mon, Jan 30, 2012 at 12:27 PM, M.-A. Lemburg <mal at egenix.com> wrote:
> Besides, we're not talking about a common case here, just an emergency
> exit that can be used if needed.
This rare "emergency" can be handled by emailing a PyPI admin. It most
certainly isn't worth the very real and global security and reliability
Most cases won't email a PyPI admin as it's just that easy to increment the
version by an 0.0.1 and the fact that it probably isn't an emergency to