On Wed, Feb 1, 2012 at 4:29 PM, Antoine Pitrou <solip...@pitrou.net> wrote:
> Yuval Greenfield <ubershmekel <at> gmail.com> writes: > > > > Obviously this isn't the only problem if the account of an SQLAlchemy > > maintainer is compromised - other threats can manifest as well. > > So, why you think PyPI has to have protections against the hacking of > maintainers' accounts is beyond me. That's a completely unreasonable > expectation. > > Besides, being able to delete a release is mandatory (imagine you have > uploaded > confidential files by mistake). > > The original proposal was "retaining a record of the uploaded file (though not the contents) so that future uploads with the same name wouldn't be allowed." It sounds like you would be happy with that proposal.
_______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
