On Tuesday, February 5, 2013 at 9:53 AM, holger krekel wrote:
> Point taken. I guess unless someone sits down and writes a PEP-ish path for
> fortification, it's gonna be hard to assess viability and resilience
> against the several attack vectors which should be sorted/prioritized.
>
> Or is somebody on that already? (there were hints of some background
> discussions - not sure that's helping much as most attack vectors against
> the python packaging ecosystem are kind of well known or easy to guess after
> a bit of research and experimentation).

There are easy wins to take care of before we go this route. It's a *hard* problem that on the surface appears easy. I've personally got some ideas and I'm sure others do as well, but focusing on the hard problems when there are several low-hanging fruit is a red herring IMO.

_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
