https://github.com/davidfischer/requestes
Insert stern sounding security stuff here...
https://github.com/davidfischer/requestes
Last synced: 3 months ago
JSON representation
Insert stern sounding security stuff here...
- Host: GitHub
- URL: https://github.com/davidfischer/requestes
- Owner: davidfischer
- Created: 2013-06-06T15:28:55.000Z (almost 12 years ago)
- Default Branch: master
- Last Pushed: 2013-06-06T15:39:08.000Z (almost 12 years ago)
- Last Synced: 2025-01-03T07:03:09.975Z (5 months ago)
- Language: Python
- Size: 97.7 KB
- Stars: 1
- Watchers: 2
- Forks: 1
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
Python Module Security Admonition
=================================
If you are reading this admonition while running pip, I'd like to take
this time to inform you that you just ran arbitrary code from the untrusted
internet (maybe even as root?). The fact that this was so easy is a bit of a
problem.
Remember when RubyGems.org got compromised and was down since they weren't
sure whether there were any problems with the gems themselves? That could
have just as easily been PyPI. Adding SSL to PyPI and certificate checking
to pip were big steps forward, but we need to make shipping and installing
modules securely even easier. I'm not sure whether that means developer
certificates or package signing or something else, but we need to find a
way to run only trusted code. As long as a one character typo can root your
box, the problem persists.
https://github.com/davidfischer/requestes