On Mon, Apr 9, 2018, 16:47 Chris Jerdonek <chris.jerdo...@gmail.com> wrote:

> One of Donald's comments in response to the idea (and that occurred to
> me too and that I agree with) is that providing a way to communicate
> messages to users introduces another possible avenue for attack.

I agree that this is worth thinking about, but having thought about it I'm
having trouble coming up with a threat model where it creates additional

If someone takes over package distribution, that's obviously a far more
serious problem. A messaging mechanism could amplify such an attack by
encouraging people to install the compromised packages – but pip's existing
check for new pip versions can also do that. Or if we have a mechanism for
securing package updates, like TUF, then presumably we can use it to
protect the MOTD as well?

Distutils-SIG maillist  -  Distutils-SIG@python.org
