There are various downloads that we need to consider:
(A) Downloads of Sage-the-distribution source/binary tarballs
(B) Cloning the git repo
(C) Downloading tarballs while building from the git repo
I think that (A) should be our primary worry, since those are usually
not checked by anybody. For (B) I have no idea. And (C) is pretty well
protected by the SHA-1 hashes.
And of course there are other security issues such as
(D) People getting malicious code into Sage
(E) People developing a malicious package and getting that into Sage