28.05.2015, 21:52, Julian Taylor wrote:
> there is no guarantee that github will not do this stuff in future too,
> also PyPI or self hosting do not necessarily help as those resources can
> be compromised.
> The main thing that should be learned from this and the many similar
> incidents in the past is that binaries from the internet need to be
> verified if they have been modified from their original state otherwise
> they cannot be trusted.

Indeed, but on the other hand, there's no reason for us to continue cooperating with shady partners, especially when there are easy alternatives. We can just quietly change the main binary distribution channel and be done with it.