Distributions - let's take Debian as a concrete example - provide an audit trail... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		rlpb on Sept 18, 2017 \| parent \| context \| favorite \| on: Devs unknowingly use “malicious” modules snuck int... Distributions - let's take Debian as a concrete example - provide an audit trail to individual identified developers as a mitigation for users relying on trust. Just because we must necessarily rely on some level of trust does not mean that we must blindly trust, which is what happens when anyone can upload to a repository such as PyPI.

yeukhon on Sept 18, 2017 [–]

As far as I know, once the project name is taken, that ownership belongs to the account first created this package in PyPI.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact