Re: [Distutils] [tuf] Testing pip security without and with TUF

2013-09-22 Thread Trishank Karthik Kuppusamy
On 9/21/13 9:09 PM, Donald Stufft wrote: On Sep 21, 2013, at 8:47 PM, Vladimir Diaz vladimir.v.d...@gmail.com wrote: What about a precompiled Python extension? Bundling wheels? The problem is when pip has a dependency on something and someone accidentally

Re: [Distutils] [tuf] Testing pip security without and with TUF

2013-09-21 Thread Donald Stufft
Couple questions inline On Sep 21, 2013, at 5:14 PM, Trishank Karthik Kuppusamy t...@students.poly.edu wrote: Hello everyone, Recently, we tested how pip would respond, without and with TUF, to attacks on PyPI:

Re: [Distutils] [tuf] Testing pip security without and with TUF

2013-09-21 Thread Trishank Karthik Kuppusamy
Hello Donald, On 09/21/2013 05:54 PM, Donald Stufft wrote: Is it possible to do this in a pure python library? I know there are pure python libraries for ed25119 that are written by the author so they should be good to use. It should be possible to do in pure Python all the cryptography

Re: [Distutils] [tuf] Testing pip security without and with TUF

2013-09-21 Thread Donald Stufft
On Sep 21, 2013, at 6:12 PM, Trishank Karthik Kuppusamy t...@students.poly.edu wrote: Hello Donald, On 09/21/2013 05:54 PM, Donald Stufft wrote: Is it possible to do this in a pure python library? I know there are pure python libraries for ed25119 that are written by the author so they

Re: [Distutils] [tuf] Testing pip security without and with TUF

2013-09-21 Thread Trishank Karthik Kuppusamy
On 09/21/2013 06:17 PM, Donald Stufft wrote: Is it possible to do this in a pure python library? I know there are pure python libraries for ed25119 that are written by the author so they should be good to use. It should be possible to do in pure Python all the cryptography that TUF needs.

Re: [Distutils] [tuf] Testing pip security without and with TUF

2013-09-21 Thread Vladimir Diaz
On Sat, Sep 21, 2013 at 6:12 PM, Trishank Karthik Kuppusamy t...@students.poly.edu wrote: Hello Donald, On 09/21/2013 05:54 PM, Donald Stufft wrote: Is it possible to do this in a pure python library? I know there are pure python libraries for ed25119 that are written by the author so

Re: [Distutils] [tuf] Testing pip security without and with TUF

2013-09-21 Thread Donald Stufft
On Sep 21, 2013, at 8:47 PM, Vladimir Diaz vladimir.v.d...@gmail.com wrote: What about a precompiled Python extension? Bundling wheels? The problem is when pip has a dependency on something and someone accidentally uninstalls that dependency it leaves pip in a broken state. Additionally pip

Re: [Distutils] [tuf] Testing pip security without and with TUF

2013-09-21 Thread Vladimir Diaz
On Sat, Sep 21, 2013 at 6:17 PM, Donald Stufft don...@stufft.io wrote: On Sep 21, 2013, at 6:12 PM, Trishank Karthik Kuppusamy t...@students.poly.edu wrote: Hello Donald, On 09/21/2013 05:54 PM, Donald Stufft wrote: Is it possible to do this in a pure python library? I know there