| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87jztf1092.fsf@meer.lwn.net>
Date: Mon, 28 Aug 2023 12:37:45 -0600
From: Jonathan Corbet <corbet@....net>
To: Mauro Carvalho Chehab <mchehab@...nel.org>
Cc: Matthew Wilcox <willy@...radead.org>, Nishanth Menon <nm@...com>,
linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org,
bpf@...r.kernel.org,
Heinrich Schuchardt <heinrich.schuchardt@...onical.com>,
Mattijs Korpershoek <mkorpershoek@...libre.com>,
Simon Glass <sjg@...omium.org>, Tom Rini <trini@...sulko.com>,
Neha Francis <n-francis@...com>
Subject: Re: [PATCH 1/2] Documentation: sphinx: Add sphinx-prompt
Mauro Carvalho Chehab <mchehab@...nel.org> writes:
> Adding dependencies there is not the easiest thing to do, as one needs to
> test the change against all supported distros to ensure that the new package
> name will be the same everywhere. Also, if I'm not mistaken, some developers
> don't want to use pip to install packages, wanting instead to have the
> distro-provided package.
That, actually, is something we definitely need to keep in mind. The
security record for PyPI (as with almost all of the language-specific
repos) is not great. We need to think pretty hard before telling
developers (or, say, the build process on kernel.org) that they need to
install packages from there on their systems.
Thanks,
jon
Powered by blists - more mailing lists