Re: [sage-devel] On backdooring open source projects

2024-05-30 Thread Georgi Guninski
On Sat, May 25, 2024 at 10:10 PM Matthias Koeppe wrote: > This has been merged in 10.4.beta7. > Good to see some action :) Here is a short anti-security rant from my experience. To protect something, you need to fix all weaknesses. To break it, an attacker needs only one exploitable weakness.

[sage-devel] Proposal (redo): Make pytest, pytest_mock, pytest_xdist + dependencies standard packages

2024-05-30 Thread Matthias Koeppe
We added the packages as optional "pip" packages (see https://deploy-livedoc--sagemath.netlify.app/html/en/developer/packaging#package-types for the terminology), each more than 1 year ago. - https://deploy-livedoc--sagemath.netlify.app/html/en/reference/spkg/pytest#spkg-pytest (added in 202