On Tue, Feb 12, 2013 at 10:39 AM, Donald von Stufft <[email protected]> wrote:
> The folks on the ruby side of things who are dealing with a lot of
> the same problems as Python/PyPI is have put together a document
> containing a threat model and requirements of the system. While the
> terminology is obviously ruby specific the concepts all apply to us.
>
> The document can be found here: http://goo.gl/ybFIO
>
> Furthermore since both languages are trying to solve the same problem
> it would probably be a really good idea to join forces and hash out a system
> and then diverge to actually implement it instead of both languages having
> the same conversations in parallel.

Thanks for posting this Donald - I was just coming to post it myself after it was initially published earlier today (Kurt grabbed me on IRC yesterday and suggested I have a look once he found out I had some involvement with PyPI security discussions).

For Giovanni and others, this is the kind of high level "so what problem are we actually trying to solve?" thinking that I believe is needed before we rush off to devise tactical solutions to strategic problems (there *are* plenty of tactical problems that need to be addressed as well, we just need to make sure we distinguish between the two).

Cheers,
Nick.

--
Nick Coghlan | [email protected] | Brisbane, Australia
