[Catalog-sig] Use user-specific site-packages by default?

Donald Stufft donald.stufft at gmail.com
Tue Feb 5 16:06:49 CET 2013


On Tuesday, February 5, 2013 at 9:53 AM, holger krekel wrote:
> Point taken. I guess unless someone sits down and writes a PEP-ish path for
> fortification, it's gonna be hard to assess viability and resilience
> against the several attack vectors which should be sorted/prioritized.
> 
> Or is somebody on that already? (there were hints of some background
> discussions - not sure that's helping much as most attack vectors against
> the Python packaging ecosystem are kind of well known or easy to guess after
> a bit of research and experimentation).

There are easy wins to take care of before we go this route. It's a *hard* 
problem that on the surface appears easy. I've personally got some ideas
and I'm sure others do as well, but focusing on the hard problems when there
are several low-hanging fruit is a red herring IMO.