[Catalog-sig] pre-PEP: transition to release-file hosting at pypi site

Jesse Noller jnoller at gmail.com
Tue Mar 12 19:58:01 CET 2013

On Tuesday, March 12, 2013 at 2:56 PM, Jacob Kaplan-Moss wrote:

> On Tue, Mar 12, 2013 at 1:00 PM, M.-A. Lemburg <mal at egenix.com (mailto:mal at egenix.com)> wrote:
> > The whole Python package eco-system works based on trust and
> > injecting fear into this system is not helpful, IMO.
> I'm sorry if my words came across that way; I'm not trying to scare
> anyone. I'm trying to emphasize that this isn't an academic
> discussion; the insecurity of PyPI is something that actively prevents
> the adoption of Python. I think I'm probably right in saying that
> everyone here wants to push Python forward; I'm trying to articulate
> how security fits into that. Again, sorry for not being clearer;
> you're totally right that fear-mongering isn't helpful.
> Jacob 
Nah, that was me injecting fear. I call dibs on that one. 

More information about the Catalog-SIG mailing list