On Wed, 26 Aug 2015 21:24:05 -0400
Donald Stufft <[email protected]> wrote:
>
> At the time of this writing there are 65,232 projects hosted on PyPI and of
> those, 59 of them rely on external files that are safely hosted outside of
> PyPI and 931 of them rely on external files which are unsafely hosted outside
> of PyPI. This shows us that 1.5% of projects will be affected in some way by
> this change while 98.5% will continue to function as they always have. In
> addition, only 5% of the projects affected are using the features provided by
> PEP 438 to safely host outside of PyPI while 95% of them are exposing their
> users to Remote Code Execution via a Man In The Middle attack.

Out of curiosity, have you tried to determine if those Unsafely Off PyPI
projects were either still active or "popular"?

The PEP looks fine anyway, good job :)

Regards

Antoine.

_______________________________________________
Distutils-SIG maillist - [email protected]
https://mail.python.org/mailman/listinfo/distutils-sig
