[Catalog-sig] PyPI/pip security: waiting for input

Donald Stufft donald at stufft.io
Mon Mar 11 15:53:38 CET 2013


On Mar 11, 2013, at 10:52 AM, Daniel Holth <dholth at gmail.com> wrote:

> Super impressed after reading all the TUF papers and comparing it to
> my own feeble proposal, they had addressed a whole bevy of problems
> that I hadn't even thought of - infinite-length download attacks,
> server-asserted timestamps, quorum signatures, sophisticated trust
> delegation, consistency of all the metadata all the time ...



Agreed, and they've been very helpful with questions when asked.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
