On 17.06.2010 15:16, M.-A. Lemburg wrote:
> Benji York wrote:
>> On Thu, Jun 17, 2010 at 7:40 AM, M.-A. Lemburg <m...@egenix.com> wrote:
>>> http://pypi.python.org/simple/zc.buildout/
>>> BTW: what are all those bug links doing on the zc.buildout index page?
>>
>> PyPI scrapes all the links from the long description; for many projects
>> that includes a change log with links to fixed bugs.
>
> Isn't that dangerous?
>
> AFAIK, setuptools would start opening all those URLs and might
> find download files which are not necessarily under full control of
> the author, e.g. anyone could add a comment to a bug report or
> wiki page with a link to an egg file on some rogue server.

I think you misunderstand. Links originate *only* from the long
description. The package owner has full control over that.
If you think the package owner is opening up a security threat by
including the links in the first place - yes, that's indeed a risk.
Regards,
Martin
_______________________________________________
Catalog-SIG mailing list
Catalog-SIG@python.org
http://mail.python.org/mailman/listinfo/catalog-sig
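
An added example, not part of the original thread and not PyPI or setuptools code: a small audit that a package owner could run over a simple-index page to see which scraped links point off the index host, and which of those look like distribution files. The sample page, host names and the suffix list are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: filename suffixes treated here as installable distributions.
DIST_SUFFIXES = (".egg", ".tar.gz", ".tgz", ".tar.bz2", ".zip")

# Constructed sample of a simple-index page (not real PyPI output).
SAMPLE_INDEX_URL = "http://pypi.python.org/simple/example-pkg/"
SAMPLE_PAGE = """
<html><body>
<a href="../../packages/source/e/example-pkg/example-pkg-1.0.tar.gz#md5=0">example-pkg-1.0.tar.gz</a>
<a href="https://bugs.example.org/example-pkg/+bug/1234">bug 1234</a>
<a href="http://files.example.net/example_pkg-9.9-py2.6.egg">example_pkg-9.9-py2.6.egg</a>
<a href="mailto:dev@example.org">contact</a>
</body></html>
"""

class _Anchors(HTMLParser):
    """Collect the href of every <a> tag on the page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.hrefs.append(href)

def audit_index_page(index_url, html):
    """Return (external, external_dists): links hosted off the index host,
    and the subset of those whose path looks like a distribution file."""
    parser = _Anchors()
    parser.feed(html)
    index_host = urlparse(index_url).hostname
    external, external_dists = [], []
    for href in parser.hrefs:
        url = urljoin(index_url, href)          # resolve relative links
        parts = urlparse(url)
        if parts.scheme not in ("http", "https", "ftp"):
            continue                            # mailto: etc. are not fetchable files
        if parts.hostname == index_host:
            continue                            # hosted on the index itself
        external.append(url)
        if parts.path.lower().endswith(DIST_SUFFIXES):
            external_dists.append(url)          # review who controls this host
    return external, external_dists

if __name__ == "__main__":
    ext, dists = audit_index_page(SAMPLE_INDEX_URL, SAMPLE_PAGE)
    print("external links:", ext)
    print("external distribution-like files:", dists)
```
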