On Wed, May 17, 2023 at 2:22 PM Daniel Guffey <daniel.guf...@gmail.com> wrote:
> I'm a bit dubious about the pypi suggestion as packages are being
> regularly poisoned with malware (e.g. New KEKW malware infects
> open-source Python Wheel files via a PyPI distribution | SC Media
> (scmagazine.com)
> <https://www.scmagazine.com/news/devops/kekw-malware-infects-open-source-python-wheel-files>)
> and support issues keep happening with package management tools.

This is an absurd complaint. For one, the PyPA dealt with that very quickly. But more relevantly, Toolz is a package with many years of development by well-trusted people. Yes, getting brand new malware onto PyPI is a danger, but that's a completely unrelated issue from using well-established and signed packages from known people.

If you weirdly distrust PyPI, you can equally get the same thing via GitHub... I guess unless you also distrust those repos.

It's not absurd to suggest a new decorator for the standard library. But "I don't trust PyPI" isn't going to win you any support for the idea.

--
The dead increasingly dominate and strangle both the living and the not-yet born. Vampiric capital and undead corporate persons abuse the lives and control the thoughts of homo faber. Ideas, once born, become abortifacients against new conceptions.
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/BT2RQ3VUTEHHWVZZPWJZT2CK2TTLUWKX/
Code of Conduct: http://python.org/psf/codeofconduct/
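The practical middle ground between the two positions above is to trust a specific, reviewed artifact rather than the index that serves it: pip's `--require-hashes` mode refuses to install anything whose requirement line is not pinned to a SHA-256 digest, so a later poisoned upload under the same name cannot slip in. The block below is an added example, not code from this thread, from pip or from Toolz; it re-implements that check in plain Python so the failure modes are visible. The requirements text and the "wheel" and "sdist" bytes are constructed stand-ins, and the version string is used only as a label.

```python
"""Hash-pinned installs: trust the artifact, not the index.

Added example, not code from the python-ideas thread, pip or Toolz. It mirrors
the rule pip enforces under --require-hashes: every requirement must carry at
least one --hash=sha256:... option, and a downloaded file is accepted only if
its digest matches one of them. All inputs below are constructed.
"""
import hashlib
import re

_HASH_RE = re.compile(r"--hash=(?P<alg>[a-z0-9]+):(?P<digest>[0-9a-f]+)")
_REQ_RE = re.compile(r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>[^\s\\]+)")


def pin_line(name: str, version: str, *artifacts: bytes) -> str:
    """Build one pinned requirement line (the output `pip hash` helps produce).

    One --hash per distribution file, so a wheel and an sdist can both be pinned.
    """
    hashes = " ".join(
        f"--hash=sha256:{hashlib.sha256(a).hexdigest()}" for a in artifacts
    )
    return f"{name}=={version} {hashes}"


def parse_requirements(text: str) -> dict:
    """Map each project to {'version': str, 'sha256': set of hex digests}.

    Any requirement without a hash raises: in pip's hash-checking mode a single
    unpinned line fails the whole install, because one unverified package is
    enough to compromise the environment.
    """
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = _REQ_RE.match(line)
        if not m:
            raise ValueError(f"unsupported requirement line: {line!r}")
        digests = {
            h.group("digest")
            for h in _HASH_RE.finditer(line)
            if h.group("alg") == "sha256"
        }
        if not digests:
            raise ValueError(f"{m['name']} is not hash-pinned; refusing to install")
        pins[m["name"].lower()] = {"version": m["version"], "sha256": digests}
    return pins


def verify_artifact(name: str, data: bytes, pins: dict) -> bool:
    """True only if `data` hashes to a digest pinned for `name`."""
    entry = pins.get(name.lower())
    if entry is None:  # not in the lock file at all: never install silently
        return False
    return hashlib.sha256(data).hexdigest() in entry["sha256"]


def demo() -> dict:
    """Run the check against constructed good, tampered and unpinned inputs."""
    good_wheel = b"PK\x03\x04 constructed stand-in for toolz-0.12.0-py3-none-any.whl"
    good_sdist = b"\x1f\x8b constructed stand-in for toolz-0.12.0.tar.gz"
    tampered = good_wheel + b"\n# injected payload"  # same name, different bytes
    pins = parse_requirements(pin_line("toolz", "0.12.0", good_wheel, good_sdist))
    results = {
        "wheel_ok": verify_artifact("toolz", good_wheel, pins),
        "sdist_ok": verify_artifact("toolz", good_sdist, pins),
        "tampered_rejected": not verify_artifact("toolz", tampered, pins),
        "unknown_rejected": not verify_artifact("requests", good_wheel, pins),
    }
    try:
        parse_requirements("toolz==0.12.0\n")  # pinned by version only
        results["unpinned_rejected"] = False
    except ValueError:
        results["unpinned_rejected"] = True
    return results


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {'ok' if passed else 'FAIL'}")
```

The point worth noticing is the last case: a version pin alone (`toolz==0.12.0`) is not a security control, because the index can serve different bytes for the same version; only the digest ties the install to the file someone actually reviewed. Whether the reviewed file came from PyPI or a GitHub release makes no difference once it is pinned this way.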