On Tue, Mar 12, 2013 at 10:38 AM, PJ Eby <p...@telecommunity.com> wrote:
> I'll ask it again: why should *thousands* of projects be censored or
> made to change their release processes, because *you* can't be
> bothered to cache the distributions of the projects you depend on?

Because externally-hosted files are a security risk, one that most users don't realize exists. We can either fix this problem now, or we can wait until someone is compromised using PyPI as a vector.

Jacob
_______________________________________________
Catalog-SIG mailing list
Catalog-SIG@python.org
http://mail.python.org/mailman/listinfo/catalog-sig