Petr Viktorin <encu...@gmail.com> added the comment:

The issue this (or lack of communication about it) caused in rc1 is tracked in https://bugs.python.org/issue44823

> @petr.viktorin a whatsnew entry was added, what more notice could have been
> provided?

Ideally, the python-dev mailing list (or Discourse).

> pip install sphinx blurb python-docs-theme
> If running that is ever unsafe, we have big problems!

Who is "we"?
We do have big problems. Anyone who can upload wheels for sphinx blurb python-docs-theme or any of their dependencies (or anyone who has their credentials) can now easily put code on machines of CPython developers.
For example, PyPI doesn't guarantee that wheels correspond to sources.

"Markupsafe" is particularly dangerous because the wheels are platform-specific and have compiled code, so tampering is nearly undetectable. (But if another dependency starts using platform-specific wheels, I don't think anyone would notice.)

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue44756>
_______________________________________
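
The comment's last point, that nobody would notice a dependency starting to ship platform-specific wheels, can be checked mechanically. The following is an added example, not part of the original message or of CPython's tooling: it compares the wheel filenames resolved in two runs and reports distributions that newly declare a compiled (non `none`/`any`) wheel. The filenames, versions and the dependency `exampledep` are constructed for illustration.

```python
# Added example: wheel names and versions below are constructed, not real releases.
from typing import Iterable, List, NamedTuple, Set


class WheelTags(NamedTuple):
    name: str
    python: str
    abi: str
    platform: str


def parse_wheel_filename(filename: str) -> WheelTags:
    """Split name-version[-build]-python-abi-platform.whl (PEP 427 layout)."""
    if not filename.endswith(".whl"):
        raise ValueError(f"not a wheel: {filename!r}")
    parts = filename[:-4].split("-")
    if len(parts) not in (5, 6):  # 6 when an optional build tag is present
        raise ValueError(f"malformed wheel filename: {filename!r}")
    python, abi, platform = parts[-3:]
    return WheelTags(parts[0].lower(), python, abi, platform)


def is_platform_specific(filename: str) -> bool:
    """True unless the wheel declares ABI 'none' and platform 'any'."""
    tags = parse_wheel_filename(filename)
    # Tags may be compressed sets such as 'py2.py3', so compare as sets.
    return set(tags.abi.split(".")) != {"none"} or set(tags.platform.split(".")) != {"any"}


def binary_names(filenames: Iterable[str]) -> Set[str]:
    return {parse_wheel_filename(f).name for f in filenames if is_platform_specific(f)}


def newly_platform_specific(previous: Iterable[str], current: Iterable[str]) -> List[str]:
    """Distributions shipping compiled wheels now that did not in the last audit."""
    return sorted(binary_names(current) - binary_names(previous))


# Constructed resolver output from two runs; "exampledep" is a hypothetical dependency.
PREVIOUS = [
    "Sphinx-0.0.0-py3-none-any.whl",
    "python_docs_theme-0.0.0-py3-none-any.whl",
    "MarkupSafe-0.0.0-cp39-cp39-manylinux2010_x86_64.whl",
    "exampledep-0.0.0-py2.py3-none-any.whl",
]
CURRENT = PREVIOUS[:3] + ["exampledep-0.0.1-cp39-cp39-manylinux2010_x86_64.whl"]

if __name__ == "__main__":
    print(newly_platform_specific(PREVIOUS, CURRENT))
```

The tags are declared by whoever built the wheel, so this only identifies which dependencies now ship compiled code and deserve closer review; it says nothing about whether a wheel matches its sources.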