oss-sec mailing list archives

Re: CVE Request: Insecure Software Download in pip

From: Donald Stufft <donald () stufft io>
Date: Sat, 27 Jul 2013 03:29:06 -0400


If it helps at all this is the commit that introduced initial support for it (where it explicitly calls out PEP381)

https://github.com/pypa/pip/commit/e80c387a26858c4d7ff43c5f030b04b03fd43dfe

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Current thread:

CVE Request: Insecure Software Download in pip Donald Stufft (Jul 25)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 27)
  - Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 27)
    - Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 27)
    - Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 29)
    - Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 29)
    - Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 29)
    - Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 30)
    - Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 31)
    - Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 31)
    - Re: CVE Request: Insecure Software Download in pip Raphael Geissert (Jul 31)
    - Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 31)
    - Re: CVE Request: Insecure Software Download in pip Donald Stufft (Aug 03)
    - Re: CVE Request: Insecure Software Download in pip Donald Stufft (Aug 07)

(Thread continues...)