On 13/11/14 19:11, Donald Stufft wrote:
> As far as I’m aware npm supports TLS the same as pip does. That secures the
> transport between the end users and the repository so you can be assured
> that there is no man in the middle. Security wise npm (and pip) are about
> ~95% (made up numbers, but you can get the gist) of the effectiveness as the
> OS package managers.

Oh, e.g. rpm allows packages to be cryptographically signed, and depending on your system's config, that is enforced. This is quite different from just tls'ing a connection.

Matthias