Which suggestions did I ignore?
On Tuesday, January 31, 2012 at 7:40 PM, Terry Reedy wrote: > On 1/31/2012 6:43 PM, Donald Stufft wrote: > > I don't think anyone is arguing that it's not occasionally useful. The > > question to answer is the occasional usefulness worth the risks that > > come with it. In my opinion the small utility (being able to correct a > > borked packaging job) is not worth the risks to both my applications > > stability, and the security of my entire system. > > > > > The question is whether, on each issue, PyPI should be optimized for > authors (who provide their modules for free) or for users. Both choices > are defensible. However, if all choices are made in favor of users, > there will very likely be fewer things uploaded or even listed, which is > not favorable for users. > > It is hard to take your security concerns too seriously when you > consistently ignore security suggestions. Prohibiting deletion or > replacement by authors will give you no protection against the site > being compromised by other means, whereas the suggestions you ignore would. > > -- > Terry Jan Reedy > > _______________________________________________ > Catalog-SIG mailing list > Catalog-SIG@python.org (mailto:Catalog-SIG@python.org) > http://mail.python.org/mailman/listinfo/catalog-sig > >
_______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
