On 20.02.23 at 14:23, Jacob Rief wrote:
Isn't it a bit dangerous to auto-add a package from PyPI to a running Django installation? That module then gains full database access and could do all kinds of nasty stuff. Maybe I am a bit naive here, but 3rd party packages sometimes get installed incautiously.

Hi Jacob,

no, I don't think so. It is generally "dangerous" to run code you don't know what it does ;-)
In my case it is even more dangerous to run code I wrote myself, hehe.

But really, if you install ANY package via pip, you have to trust that package. So it doesn't matter if you install a Django GDAPS auto-plugin package or django-money. You would have to add it manually to your settings.py/INSTALLED_APPS anyway to use it. GDAPS is intended to enable plugins for a main application - e.g. there is medux, and medux.plugins.laboratory - both from the same vendor. There is no trust problem when installing your own packages.

Christian

--
Dr. Christian González
https://nerdocs.at
