On 14 February 2013 10:46, Giovanni Bajo <[email protected]> wrote:
> The package "itsdangerous" provides some drop-in crypto for sending a
> time-based token that doesn't need to be stored on your database (or wherever
> you're now storing the OTK). Up to you if it's worth it, since IIUC you've
> already implemented it.

Thanks, I think I will use that instead of doing more database work.

> Task #12 applies to "security-related changes", for which a definition is
> given:
> https://docs.google.com/a/develer.com/document/d/1DgQdDCZY5LiTY5mvfxVVE4MTWiaqIGccK3QCUI8np4k/edit
> ==================================================
> We define “security-related” change any profile change in PyPI that allows a
> new GPG fingerprint to be valid for a given package. The currently identified
> security-related changes are:
> • Modifying the GPG fingerprint in a package owner or maintainer
>   profile.
> • Adding a new owner or maintainer to a package
> • Any change to the second-factor authentication system itself
> ==================================================
>
> So if your goal was to send an email when a new release is published, that's
> not a security-related change.

Thanks for the clarification. I'm having trouble accessing google docs at the
moment for some reason.

    Richard
_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
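
The stateless, time-limited token suggested in the quoted text, sketched with the Python standard library as an added example (not code from this thread, from PyPI, or from itsdangerous, whose token format differs). The secret, the one-hour lifetime, the function names and the choice to sign the current profile state, so that a token stops verifying once the change has been applied, are all assumptions.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: server-side key, never sent out
MAX_AGE = 3600                       # assumption: links stay valid for one hour


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _sign(body):
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())


def _payload(user, action, state):
    # NUL-separated fields; callers must reject NUL inside a field.
    return _b64("\x00".join((user, action, state)).encode())


def make_token(user, action, state, now=None):
    """Build payload.timestamp.signature; nothing is stored server-side."""
    ts = int(time.time() if now is None else now)
    body = "%s.%d" % (_payload(user, action, state), ts)
    return "%s.%s" % (body, _sign(body))


def check_token(token, user, action, state, now=None):
    """Return 'ok', 'bad-signature', 'expired' or 'mismatch'."""
    try:
        payload, ts, sig = token.split(".")
    except ValueError:
        return "bad-signature"
    body = "%s.%s" % (payload, ts)
    # Constant-time comparison; the timestamp is trusted only after this passes.
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return "bad-signature"
    age = (time.time() if now is None else now) - int(ts)
    if age < 0 or age > MAX_AGE:
        return "expired"
    # Binding to the current state (e.g. the fingerprint on file) makes the
    # token useless after the change lands, without a database row for it.
    expected = _payload(user, action, state)
    if not hmac.compare_digest(payload.encode(), expected.encode()):
        return "mismatch"
    return "ok"
```

Without the state binding, a signed timestamped token can be replayed any number of times until it expires, which is the main thing given up by not storing the OTK.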
