[Catalog-sig] [DRAFT] Proposal for fixing PyPI/pip security
Barry Warsaw
barry at python.org
Mon Feb 11 20:06:40 CET 2013
On Feb 10, 2013, at 02:44 PM, Nick Coghlan wrote:
>integrating TUF (https://www.updateframework.com/) into the PyPI based
>distribution infrastructure sounds like the best available option
And they've already done some amount of work for us.
https://www.updateframework.com/wiki/SecuringPythonPackageManagement
-Barry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20130211/ebcb7e0d/attachment-0001.pgp>
More information about the Catalog-SIG
mailing list