[tahoe-lafs-trac-stream] [tahoe-lafs] #1220: build/install should be able to refrain from getting dependencies
tahoe-lafs
trac at tahoe-lafs.org
Sat Jan 29 04:34:30 UTC 2011
#1220: build/install should be able to refrain from getting dependencies
---------------------------+------------------------------------------------
Reporter: gdt | Owner: gdt
Type: defect | Status: new
Priority: major | Milestone: undecided
Component: packaging | Version: 1.8.0
Resolution: | Keywords: setuptools security
Launchpad Bug: |
---------------------------+------------------------------------------------
Changes (by davidsarah):
* keywords: setuptools => setuptools security
* priority: minor => major
Comment:
I don't consider this a minor issue, because the downloading from
potentially insecure sites is a significant vulnerability (as we were
recently reminded by [http://news.ycombinator.com/item?id=2150639
SourceForge being compromised] -- and setuptools will happily download
from far less secure sites than !SourceForge).
--
Ticket URL: <http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1220#comment:23>
tahoe-lafs <http://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list