On Tue, Mar 12, 2013 at 1:33 PM, Jesse Noller <jnol...@gmail.com> wrote:
> There's not much to understand: external hosting of packages is *actively 
> harmful*, period. End users of easy_install and pip *don't even realize* 99% 
> of the time that these tools are following links off of PyPI and installing
> packages from random, probably insecure/non-https locations all over the
> internet. Once they realize it they recoil in terror if they have any 
> understanding of the implications.

This is a rationale for secure defaults for various options, like the
ones I outlined in the portions of my post that you *didn't* quote.

It's not a rationale for removing the options themselves.
_______________________________________________
Catalog-SIG mailing list
Catalog-SIG@python.org
http://mail.python.org/mailman/listinfo/catalog-sig
