On Tue, Mar 12, 2013 at 1:33 PM, Jesse Noller <[email protected]> wrote: > There's not much to understand: external hosting of packages is *actively > harmful*, period. End users of easy_install and pip *don't even realize* 99% > of the time that these tools are following links off of PyPi and installing > packages from random, probably insecure/non https locations all over the > internet. Once they realize it they recoil in terror if they have any > understanding of the implications.
This is a rationale for secure defaults for various options, like the ones I outlined in the portions of my post that you *didn't* quote. It's not a rationale for removing the options themselves. _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
