Matthew Knepley <knep...@gmail.com> writes: > I don't actually care whether we keep this check. However, I do think > the arguments advanced so far do not amount to more than prejudice. I > don't think a security argument holds water
Security only insofar as urllib could have a vulnerability. I think privacy is still a concern. > for a system that downloads tarballs from other sites without any kind > of check. That is opt-in (the user passes --download).
signature.asc
Description: PGP signature