[New-bugs-announce] [issue12368] packaging.pypi.simple.Crawler assumes external download links are ok to follow
report at bugs.python.org
Sun Jun 19 23:08:19 CEST 2011
New submission from Michael Mulich <michael.mulich at gmail.com>:
The packaging.pypi.simple.Crawler blindly follows external download URLs. The crawler should honor a list of allowed hosts (see also the hosts parameter) before attempting to download from an external source.
Éric Araujo has also pointed out that established tools like easy_install and pip provide ways of allowing/restricting by host.
nosy: alexis, eric.araujo, michael.mulich, tarek
title: packaging.pypi.simple.Crawler assumes external download links are ok to follow
versions: Python 3.3
Python tracker <report at bugs.python.org>
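
The host check the report asks for, sketched as an added example; this is not code from the packaging module or from the report's author. The names `host_allowed` and `partition_links` are hypothetical, and matching hosts as shell-style glob patterns is an assumption about how an allowed-hosts list would be interpreted.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def host_allowed(url, allowed_hosts):
    """Return True only if the URL's real host matches an allowed glob pattern."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed netloc, e.g. unbalanced IPv6 brackets
        return False
    if parts.scheme not in ALLOWED_SCHEMES:
        return False
    # .hostname is lowercased and excludes userinfo ("user@") and the port,
    # so "allowed.host@other.host" is judged by "other.host".
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False
    return any(fnmatchcase(host, pat.lower()) for pat in allowed_hosts)


def partition_links(links, allowed_hosts):
    """Split candidate links into (follow, skip) before any request is made."""
    follow, skip = [], []
    for url in links:
        (follow if host_allowed(url, allowed_hosts) else skip).append(url)
    return follow, skip


# Constructed sample: links as they might be scraped from a project page.
ALLOWED = ["pypi.python.org", "*.python.org"]
SAMPLE_LINKS = [
    "https://pypi.python.org/packages/source/f/foo/foo-1.0.tar.gz",
    "http://downloads.example.org/foo-1.0.tar.gz",                # external host
    "https://pypi.python.org@mirror.example.net/foo-1.0.tar.gz",  # userinfo trick
    "https://pypi.python.org.example.net/foo-1.0.tar.gz",         # suffix trick
    "ftp://pypi.python.org/foo-1.0.tar.gz",                       # scheme not allowed
    "HTTPS://PyPI.Python.org:443/simple/foo/",                    # case and port
]

if __name__ == "__main__":
    follow, skip = partition_links(SAMPLE_LINKS, ALLOWED)
    for url in follow:
        print("follow", url)
    for url in skip:
        print("skip  ", url)
```

The check runs on the parsed hostname rather than on a substring of the URL, which is what keeps the userinfo and suffix variants in the sample out of the follow list.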