Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-15 Thread Tarek Ziadé
On 2/14/13 11:49 PM, Donald Stufft wrote: On Thursday, February 14, 2013 at 5:43 PM, PJ Eby wrote: On Thu, Feb 14, 2013 at 5:10 PM, Nick Coghlan ncogh...@gmail.com wrote: I'm more concerned about phishing style attacks. I don't want the PyPI admins to have to start

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-15 Thread PJ Eby
On Thu, Feb 14, 2013 at 6:31 PM, Richard Jones rich...@python.org wrote: The bootstrap.py file would most likely have to be omitted from the usual files listing mechanisms as they are used to determine installable release packages. I would feel more comfortable with the proposed mechanism if

[Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Tarek Ziadé
Hello. Some tools (setuptools, distribute, zope, pip) use bootstrap files to get installed. In order to have a more secure installation process, we'd like to be able to push those files on PyPI so people can download them through https using the PSF certificate. As Phillip Eby noticed,
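The client side of what Tarek proposes, written here as an added example (this is not code from PyPI, setuptools, distribute, zope or pip): fetch a bootstrap file over HTTPS with the server certificate verified against the platform trust store and the hostname checked, then refuse to execute it unless it matches a digest pinned out of band. The URL, the sample bootstrap bytes and the pinned digest below are constructed for illustration.

```python
# Added example, not code from PyPI or from any of the tools named in the thread.
import hashlib
import hmac
import ssl
import urllib.request
from urllib.parse import urlparse

# Constructed sample: stands in for a bootstrap.py the installer would fetch.
SAMPLE_BOOTSTRAP = b"print('hello from a constructed bootstrap script')\n"
# In real use the digest comes from somewhere other than the download itself
# (the tool's documentation, a signed release note); computing it here only
# gives the example a known-good value to check against.
SAMPLE_BOOTSTRAP_SHA256 = hashlib.sha256(SAMPLE_BOOTSTRAP).hexdigest()


def fetch_over_verified_https(url: str, timeout: float = 30.0) -> bytes:
    """Download url, refusing plain http outright and refusing to complete the
    TLS handshake unless the server certificate chains to a trusted CA and
    matches the requested host (create_default_context sets CERT_REQUIRED and
    check_hostname=True)."""
    if urlparse(url).scheme != "https":
        raise ValueError("bootstrap must be fetched over https, got %r" % url)
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
        return resp.read()


def verify_bootstrap(data: bytes, expected_sha256_hex: str) -> bool:
    """True only when data hashes to the pinned digest; the comparison is
    constant-time so the check itself leaks nothing about the expected value."""
    digest = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(digest, expected_sha256_hex.lower())


def run_bootstrap(url: str, expected_sha256_hex: str) -> None:
    """Fetch, verify, and only then execute the bootstrap script, the way a
    bootstrap-driven installer would; a digest mismatch aborts before exec."""
    data = fetch_over_verified_https(url)
    if not verify_bootstrap(data, expected_sha256_hex):
        raise RuntimeError("bootstrap digest mismatch; refusing to execute")
    exec(compile(data, url, "exec"), {"__name__": "__main__"})


if __name__ == "__main__":
    # Offline self-check on the constructed sample; the URL is hypothetical.
    assert verify_bootstrap(SAMPLE_BOOTSTRAP, SAMPLE_BOOTSTRAP_SHA256)
    assert not verify_bootstrap(SAMPLE_BOOTSTRAP + b"# tampered\n",
                                SAMPLE_BOOTSTRAP_SHA256)
    print("digest check ok; run_bootstrap('https://example.invalid/bootstrap.py', ...) would fetch")
```

Serving the file over HTTPS only helps if the client actually verifies the certificate. Python's urllib did not verify HTTPS certificates by default until 3.4.3 and 2.7.9 (PEP 476), so on the interpreters of this thread's era a bootstrap fetcher had to build its own verifying context, as this example does; the pinned digest is the second, independent check, and it catches a substituted file even when the transport is sound.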

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Donald Stufft
On Thursday, February 14, 2013 at 2:28 PM, Tarek Ziadé wrote: Hello. Some tools (setuptools, distribute, zope, pip) use bootstrap files to get installed. In order to have a more secure installation process, we'd like to be able to push those files on PyPI so people can download them

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Nick Coghlan
On 15 Feb 2013 05:50, Tarek Ziadé ta...@ziade.org wrote: On 2/14/13 8:37 PM, Donald Stufft wrote: On Thursday, February 14, 2013 at 2:28 PM, Tarek Ziadé wrote: Hello. Some tools (setuptools, distribute, zope, pip) use bootstrap files to get installed. In order to have a more secure

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread M.-A. Lemburg
On 14.02.2013 20:28, Tarek Ziadé wrote: Hello. Some tools (setuptools, distribute, zope, pip) use bootstrap files to get installed. In order to have a more secure installation process, we'd like to be able to push those files on PyPI so people can download them through https using the

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Donald Stufft
This isn't something automated tools are supposed to discover, right? They already know where it exists? Why does it need to be on PyPI at all? Seems like for this unusual case just keeping it someplace sane that has a good SSL cert seems like an obvious solution? Github or Bitbucket or

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Jim Fulton
On Thu, Feb 14, 2013 at 5:10 PM, Nick Coghlan ncogh...@gmail.com wrote: ... I'm more concerned about phishing style attacks. I don't want the PyPI admins to have to start scanning for hostile names like distirbute. Isn't this an issue for regular distributions too? So how often do the

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread M.-A. Lemburg
On 14.02.2013 23:10, Nick Coghlan wrote: On 15 Feb 2013 05:50, Tarek Ziadé ta...@ziade.org wrote: On 2/14/13 8:37 PM, Donald Stufft wrote: On Thursday, February 14, 2013 at 2:28 PM, Tarek Ziadé wrote: Hello Some tools (setuptools, distribute, zope, pip) use bootstrap files to get

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread M.-A. Lemburg
On 14.02.2013 23:38, Donald Stufft wrote: On Thursday, February 14, 2013 at 5:34 PM, M.-A. Lemburg wrote: I don't follow the reasoning here. What's the difference between uploading a .py file and a .tar.gz file? AFAIK, the only reason why the file extensions are restricted is to prevent

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread PJ Eby
On Thu, Feb 14, 2013 at 5:10 PM, Nick Coghlan ncogh...@gmail.com wrote: I'm more concerned about phishing style attacks. I don't want the PyPI admins to have to start scanning for hostile names like distirbute. I'm not sure what you mean. These things exist only for the corresponding package

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Jim Fulton
On Thu, Feb 14, 2013 at 5:43 PM, PJ Eby p...@telecommunity.com wrote: On Thu, Feb 14, 2013 at 5:10 PM, Nick Coghlan ncogh...@gmail.com wrote: I'm more concerned about phishing style attacks. I don't want the PyPI admins to have to start scanning for hostile names like distirbute. I'm not sure

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Donald Stufft
On Thursday, February 14, 2013 at 5:43 PM, PJ Eby wrote: On Thu, Feb 14, 2013 at 5:10 PM, Nick Coghlan ncogh...@gmail.com wrote: I'm more concerned about phishing style attacks. I don't want the PyPI admins to have to start scanning for hostile names like

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Nick Coghlan
On 15 Feb 2013 08:38, Donald Stufft donald.stu...@gmail.com wrote: On Thursday, February 14, 2013 at 5:34 PM, M.-A. Lemburg wrote: I don't follow the reasoning here. What's the difference between uploading a .py file and a .tar.gz file? AFAIK, the only reason why the file extensions are

Re: [Catalog-sig] Allowing the upload of .py files at PyPI

2013-02-14 Thread Richard Jones
On 15 February 2013 06:28, Tarek Ziadé ta...@ziade.org wrote: Some tools (setuptools, distribute, zope, pip) use bootstrap files to get installed. In order to have a more secure installation process, we'd like to be able to push those files on PyPI so people can download them through https