+1 on removing this security loophole in any of the ways suggested here.
Ps I don't think it's "uploaders" vs "downloaders" utility as I'm pretty sure the uploaders download from pypi as well. And even if it was so, boosting the trustworthiness of pypi is a win for both sides.
_______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
