requestes

Python Module Security Admonition

Development Status
- 4 - Beta
Intended Audience
- Developers
License
- OSI Approved :: BSD License
Operating System
- OS Independent
Programming Language
Topic
- Security
- Software Development :: Libraries :: Python Modules

Project description

If you are reading this admonition while running pip, I’d like to take this time to inform you that you just ran arbitrary code from the untrusted internet (maybe even as root?). The fact that this was so easy is a bit of a problem.

Remember when RubyGems.org got compromised and was down since they weren’t sure whether there were any problems with the gems themselves? That could have just as easily been PyPI. Adding SSL to PyPI and certificate checking to pip were big steps forward, but we need to make shipping and installing modules securely even easier. I’m not sure whether that means developer certificates or package signing or something else, but we need to find a way to run only trusted code. As long as a one character typo can root your box, the problem persists.

https://github.com/davidfischer/requestes

Project details

Development Status
- 4 - Beta
Intended Audience
- Developers
License
- OSI Approved :: BSD License
Operating System
- OS Independent
Programming Language
Topic
- Security
- Software Development :: Libraries :: Python Modules

Release history Release notifications | RSS feed

This version

0.0.1

Jun 7, 2013

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

requestes-0.0.1.tar.gz (1.4 kB view hashes)

Uploaded Jun 7, 2013 source

Hashes for requestes-0.0.1.tar.gz

Hashes for requestes-0.0.1.tar.gz
Algorithm	Hash digest
SHA256	`13491483ec8a5a8ed296b7e9f88a4297a283421beefe740e69d6c359b15dad8f`
MD5	`cdebbb98a7ecadb374adbb5d65001f4e`
BLAKE2b-256	`0f587dd0d1b8fda382ed9440614c8bca77210fa4e8158261d744bab53f395fd2`