[Catalog-sig] pre-PEP: transition to release-file hosting at pypi site

Jacob Kaplan-Moss jacob at jacobian.org
Tue Mar 12 19:56:00 CET 2013


On Tue, Mar 12, 2013 at 1:00 PM, M.-A. Lemburg <mal at egenix.com> wrote:
> The whole Python package eco-system works based on trust and
> injecting fear into this system is not helpful, IMO.

I'm sorry if my words came across that way; I'm not trying to scare
anyone. I'm trying to emphasize that this isn't an academic
discussion; the insecurity of PyPI is something that actively prevents
the adoption of Python. I think I'm probably right in saying that
everyone here wants to push Python forward; I'm trying to articulate
how security fits into that. Again, sorry for not being clearer;
you're totally right that fear-mongering isn't helpful.

Jacob

