On Wed, Aug 23, 2017 at 10:37 AM, John Torakis <[email protected]> wrote:
> > Github can be trusted 100% percent for example. This isn't even remotely close to true. While I'd agree with the statement that the SSL cert on github is reasonably trustworthy, the *content* on github is NOT trustworthy and that's where the security risk is. I agree that this is a useful feature and there is no way it should be on by default. The right way IMHO to do this is to have a command line option something like this: python --http-import somelib=https://github.com/someuser/somelib which then redefines the import somelib command to import from that source. Along with your scenario, it allows people, for example, to replace a library with a different version without modifying source or installing a different version. That's pretty useful. --- Bruce
_______________________________________________ Python-ideas mailing list [email protected] https://mail.python.org/mailman/listinfo/python-ideas Code of Conduct: http://python.org/psf/codeofconduct/
