Force packages to match their higher level import namespace in future major Python versions and PEP it.
On Jun 1, 2017 7:37 PM, "Noah Kantrowitz" <n...@coderanger.net> wrote: > > > On Jun 1, 2017, at 4:00 PM, Nick Timkovich <prometheus...@gmail.com> > wrote: > > > > This issue was also brought up in January at > https://github.com/pypa/pypi-legacy/issues/585 then just as after the > initial "typosquatting PyPI" report (June 2016) it's met with resounding > silence. Attacking the messenger doesn't seem like a winning move from a > security standpoint. > > > > Can we come up with a plan to address the underlying issue and protect > users? > > If you have a systemic solution I'm sure we would love to hear it :) > > --Noah > > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG@python.org > https://mail.python.org/mailman/listinfo/distutils-sig > >
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
