[issue12368] packaging.pypi.simple.Crawler assumes external download links are ok to follow

Michael Mulich report at bugs.python.org
Sun Jun 19 23:08:20 CEST 2011


New submission from Michael Mulich <michael.mulich at gmail.com>:

The packaging.pypi.simple.Crawler blindly follows external download URLs. The crawler should honor a list of allowed hosts (see also the hosts parameter) before attempting to download from an external source.

Éric Araujo has also pointed out that established tools like easy_install and pip provide ways of allowing/restricting by host.

----------
assignee: tarek
components: Distutils2
messages: 138663
nosy: alexis, eric.araujo, michael.mulich, tarek
priority: normal
severity: normal
status: open
title: packaging.pypi.simple.Crawler assumes external download links are ok to follow
type: behavior
versions: Python 3.3

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue12368>
_______________________________________
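
An added illustration, not part of the original report and not code from the packaging project: one way to check candidate download links against a host allow-list before fetching anything. The function names, the glob-style host patterns and the sample URLs are assumptions constructed for this example.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web downloads are expected


def host_of(url):
    """Return the normalized hostname of url, or None if it should not be trusted."""
    try:
        parts = urlsplit(url)
        parts.port  # raises ValueError for a malformed port
    except ValueError:
        return None
    if parts.scheme not in ALLOWED_SCHEMES:
        return None
    # .hostname drops userinfo ("user@") and the port, and lowercases the name,
    # so "http://pypi.python.org@other.example/" resolves to "other.example".
    host = parts.hostname
    return host.rstrip(".") if host else None


def is_allowed(url, allowed_hosts):
    """True if the URL's real host matches one of the allowed glob patterns."""
    host = host_of(url)
    if host is None:
        return False
    return any(fnmatchcase(host, pattern.lower()) for pattern in allowed_hosts)


def filter_links(links, allowed_hosts):
    """Split links into (followed, skipped) according to the allow-list."""
    followed, skipped = [], []
    for url in links:
        (followed if is_allowed(url, allowed_hosts) else skipped).append(url)
    return followed, skipped


# Constructed sample: links as they might be scraped from a project page.
SAMPLE_LINKS = [
    "https://pypi.python.org/packages/source/f/foo/foo-1.0.tar.gz",
    "http://downloads.example.org/foo-1.0.tar.gz",               # external host
    "http://pypi.python.org@mirror.example.net/foo-1.0.tar.gz",  # userinfo look-alike
    "http://pypi.python.org.example.net/foo-1.0.tar.gz",         # suffix look-alike
    "ftp://pypi.python.org/foo-1.0.tar.gz",                      # unexpected scheme
    "HTTP://PyPI.Python.Org:80/foo-1.0.tar.gz",                  # case and port vary
]

if __name__ == "__main__":
    followed, skipped = filter_links(SAMPLE_LINKS, ["pypi.python.org", "*.python.org"])
    print("follow:", *followed, sep="\n  ")
    print("skip:", *skipped, sep="\n  ")
```

Matching on the parsed hostname rather than on the raw URL string is what keeps the two look-alike links out of the followed set.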

