i partly agree, but i think it's pretty obvious what the intent is
the package on pypi has a malicious purpose

I completely disagree. The package *clearly* has a good intent,
and the package author has no malicious plans with it.

if you can't trust the one end of the chain of events, there's no point in debating the integrity of the other end
the aspect of trust was broken, the person and their code become untrustworthy from now on
i was one second away from sending my credentials, so i might be biased here :)

And no harm would have been done in sending your credentials - the
package author would not have been able to obtain them.

Regards,
Martin


_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
