Force packages to match their higher level import namespace in future major Python versions and PEP it.

On Jun 1, 2017 7:37 PM, "Noah Kantrowitz" <[email protected]> wrote:
>
> > On Jun 1, 2017, at 4:00 PM, Nick Timkovich <[email protected]> wrote:
> >
> > This issue was also brought up in January at https://github.com/pypa/pypi-legacy/issues/585 then just as after the initial "typosquatting PyPI" report (June 2016) it's met with resounding silence. Attacking the messenger doesn't seem like a winning move from a security standpoint.
> >
> > Can we come up with a plan to address the underlying issue and protect users?
>
> If you have a systemic solution I'm sure we would love to hear it :)
>
> --Noah
>
> _______________________________________________
> Distutils-SIG maillist - [email protected]
> https://mail.python.org/mailman/listinfo/distutils-sig
