On 01/02/2012 09:01, Yuval Greenfield wrote:
> Would you testify that HTTP is secure because I can emulate TLS in javascript?
What's that got to do with the price of eggs?
> PyPI should do what it can within reason to be consistent and safe for all its users.
*sigh* that's what the MD5s are for. What threat, exactly, are you so worried about here? That someone investigates and chooses to use a package, and then, having done so, decides to re-download an identical version of that package which has been maliciously uploaded, and happens to have the same MD5 checksum as the one they've already downloaded?
Chris

--
Simplistix - Content Management, Batch Processing & Python Consulting
- http://www.simplistix.co.uk
_______________________________________________
Catalog-SIG mailing list
Catalog-SIG@python.org
http://mail.python.org/mailman/listinfo/catalog-sig