On Friday, February 22, 2013 at 6:37 PM, Justin Cappos wrote:
> > 1c) hide/show a package version
>
> I need to look into this more. There are several ways this can be set up
> and I need to understand more to know how to respond. Offhand, I would say
> that having the developer sign and upload metadata indicating hidden vs.
> visible is the most secure. From a usability perspective, PyPI could sign
> something stating this instead, but this requires trusting PyPI more than may
> be wise. Were it my system, I'd prefer the former (and can talk more about
> risks with the latter), but either choice seems reasonable.

Hiding/showing a package on PyPI is only in the webui. It doesn't actually affect what the installation tools can find.
_______________________________________________
Catalog-SIG mailing list
Catalog-SIG@python.org
http://mail.python.org/mailman/listinfo/catalog-sig