[Catalog-sig] Proposal: close the PyPI file-replacement loophole

Chris Withers chris at simplistix.co.uk
Mon Jan 30 22:14:45 CET 2012


I'm fairly certain PyPI provides MD5 keys for the paranoid...

Chris

On 30/01/2012 21:01, Donald Stufft wrote:
> Writing good software and having a good release process don't always go
> hand in hand. Additionally prior to using a bit of software I can review
> it and test it. Not the case when the author can replace the file(s)
> that I reviewed at any time, for any reason he pleases.
>
> On Monday, January 30, 2012 at 3:07 PM, M.-A. Lemburg wrote:
>
>> A little off-topic, but I always find it strange that some users of PyPI
>> appear to trust package authors with the software they put up on PyPI,
>> but don't trust them when it comes to the release process.
>> Very strange indeed...
>>
>> --
>> Marc-Andre Lemburg
>> eGenix.com <http://eGenix.com>

-- 
Simplistix - Content Management, Batch Processing & Python Consulting
            - http://www.simplistix.co.uk
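
Added example, not part of any message in this thread: a check that separates the two questions raised above, whether a download matches the digest the index advertises, and whether it is still the file that was reviewed. The URL, file name, contents and the `PINS` mapping are constructed for illustration; the scenario assumes the index advertises a digest computed from whatever file it currently stores.

```python
import hashlib
from urllib.parse import urlsplit

ALLOWED = {"md5", "sha1", "sha256"}  # fragment algorithms this sketch accepts

def advertised_digest(link):
    """Return (algo, hexdigest) from a '#md5=<hex>' style fragment, else None."""
    algo, sep, value = urlsplit(link).fragment.partition("=")
    if not sep or algo.lower() not in ALLOWED:
        return None
    return algo.lower(), value.lower()

def check_download(link, data, pins):
    """Classify downloaded bytes.

    pins maps file name -> SHA-256 hex digest recorded locally at review time.
    """
    name = urlsplit(link).path.rsplit("/", 1)[-1]
    adv = advertised_digest(link)
    # Step 1: does the payload match what the index says it is serving now?
    if adv is None or hashlib.new(adv[0], data).hexdigest() != adv[1]:
        return "index-mismatch"
    # Step 2: is it the same file that was reviewed earlier?
    pinned = pins.get(name)
    if pinned is None:
        return "unreviewed"
    if hashlib.sha256(data).hexdigest() != pinned:
        return "replaced-since-review"
    return "ok"

# Constructed sample data: one reviewed file and a later re-upload under the same name.
NAME = "example-1.0.tar.gz"
REVIEWED = b"print('release 1.0 as reviewed')\n"
REPLACED = b"print('release 1.0, re-uploaded')\n"
PINS = {NAME: hashlib.sha256(REVIEWED).hexdigest()}

def index_link(stored):
    """Constructed index link whose fragment is the MD5 of the stored file."""
    return "https://index.invalid/packages/%s#md5=%s" % (
        NAME, hashlib.md5(stored).hexdigest())

if __name__ == "__main__":
    print(check_download(index_link(REVIEWED), REVIEWED, PINS))
    print(check_download(index_link(REPLACED), REPLACED, PINS))
```

In the second call the index-advertised digest still matches, because it describes the re-uploaded file; only the locally recorded pin reports the change.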

