[Python-Dev] pip: cdecimal an externally hosted file and may be unreliable [sic]
Donald Stufft
donald at stufft.io
Thu May 8 16:21:28 CEST 2014
On May 8, 2014, at 10:11 AM, R. David Murray <rdmurray at bitdance.com> wrote:
> On Thu, 08 May 2014 09:58:08 -0400, Donald Stufft <donald at stufft.io> wrote:
>> I don't think the warning is FUD, and it doesn't mention anything security
>> related at all. The exact text of the warning is in the subject of the email
>> here:
>>
>> cdecimal an externally hosted file and may be unreliable
>>
>> Which is true as far as I can tell, it is externally hosted, and it may be
>> unreliable[1]. If there is a better wording for that I’m happy to have it and
>> will gladly commit it myself to pip.
>>
>> [1] In my experience dealing with complaints of pip's users, one of their big
>> ones was that some dependency they use was, typically unknown to them,
>> hosted externally and they found out it was hosted externally because the
>> server it was hosted on went down.
>
> "unreliable" reads as "not safe", ie: insecure.
>
> You probably want something like "and access to it may be unreliable".
>
> --David
Done: https://github.com/pypa/pip/commit/69bf7067
-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140508/25ff9c4f/attachment-0001.sig>
More information about the Python-Dev
mailing list