Cory Benfield writes:

 > I think the core question you need to answer for this proposal is:
 > why is “pip install oic” not easy-enough reach?

My first guess would be "some enterprises use OAuth internally for the
same reason they have draconian approval policies".  More
straightforwardly, this is the kind of battery that enterprises which
make it hard to use pip seem likely to value.  Nick's response is
formally correct, but if requests is so important, it's likely to
already be on the approved list.  I would assume that pyoic also
implements the client side, so it is useful even if requests is
absent.

But I am not a draconian security policy QA/security reviewer.  I'd
take anything Paul Moore says pretty seriously, as he operates in such
an environment.


_______________________________________________
Python-ideas mailing list
Python-ideas@python.org
https://mail.python.org/mailman/listinfo/python-ideas
Code of Conduct: http://python.org/psf/codeofconduct/

Reply via email to