lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <87jztf1092.fsf@meer.lwn.net>
Date:   Mon, 28 Aug 2023 12:37:45 -0600
From:   Jonathan Corbet <corbet@....net>
To:     Mauro Carvalho Chehab <mchehab@...nel.org>
Cc:     Matthew Wilcox <willy@...radead.org>, Nishanth Menon <nm@...com>,
        linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org,
        bpf@...r.kernel.org,
        Heinrich Schuchardt <heinrich.schuchardt@...onical.com>,
        Mattijs Korpershoek <mkorpershoek@...libre.com>,
        Simon Glass <sjg@...omium.org>, Tom Rini <trini@...sulko.com>,
        Neha Francis <n-francis@...com>
Subject: Re: [PATCH 1/2] Documentation: sphinx: Add sphinx-prompt

Mauro Carvalho Chehab <mchehab@...nel.org> writes:

> Adding dependencies there is not the easiest thing to do, as one needs to
> test the change against all supported distros to ensure that the new package
> name will be the same everywhere. Also, if I'm not mistaken, some developers
> don't want to use pip to install packages, wanting instead to have the
> distro-provided package.

That, actually, is something we definitely need to keep in mind.  The
security record for PyPI (as with almost all of the language-specific
repos) is not great.  We need to think pretty hard before telling
developers (or, say, the build process on kernel.org) that they need to
install packages from there on their systems.

Thanks,

jon

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ