On Thu, Feb 14, 2013 at 5:10 PM, Nick Coghlan <[email protected]> wrote: ... > I'm more concerned about phishing style attacks. I don't want the PyPI > admins to have to start scanning for hostile names like "distirbute".
Isn't this an issue for regular distributions too? > > So how often do the bootstrap files change? > > If relatively frequently, I would prefer this to be a project-specific > privilege granted by the PyPI admins (at least for now). > > If rarely, then I'd be happy enough if the update process required PyPI > admin involvement (the project whitelist is probably a better idea, though). +1 Jim -- Jim Fulton http://www.linkedin.com/in/jimfulton Jerky is better than bacon! http://zo.pe/Kqm _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
