Super impressed after reading all the TUF papers and comparing it to my own feeble proposal, they had addressed a whole bevy of problems that I hadn't even thought of - infinite-length download attacks, server-asserted timestamps, quorum signatures, sophisticated trust delegation, consistency of all the metadata all the time ... _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
- [Catalog-sig] PyPI/pip security: waiting for in... Giovanni Bajo
- Re: [Catalog-sig] PyPI/pip security: waiti... Justin Cappos
- Re: [Catalog-sig] PyPI/pip security: w... Giovanni Bajo
- Re: [Catalog-sig] PyPI/pip securit... Justin Cappos
- Re: [Catalog-sig] PyPI/pip securit... Daniel Holth
- Re: [Catalog-sig] PyPI/pip sec... Donald Stufft
- Re: [Catalog-sig] PyPI/pip security: w... Trishank Karthik Kuppusamy
- Re: [Catalog-sig] PyPI/pip securit... Trishank Karthik Kuppusamy
