Re: Suggestion: PEP for tracking vulnerable Python packages

2015-05-12 Thread Andres Riancho
Grant,

On Tue, May 12, 2015 at 5:16 PM, Grant Murphy wrote:
> Hi,
>
> When pulling in a dependency via pip it is currently difficult to reason about
> whether there are any vulnerabilities associated with the package version you
> are using. I think the Python package management infrastructure co

Suggestion: PEP for tracking vulnerable Python packages

2015-05-12 Thread Grant Murphy
Hi, When pulling in a dependency via pip it is currently difficult to reason about whether there are any vulnerabilities associated with the package version you are using. I think the Python package management infrastructure could be extended to facilitate this capability reasonably easily. PyPI a
