item 42599964

alsodumb | 1 year ago
Given how widespread PyPI usage is, I'm surprised they only have one full-time security staff. I mean I guess it makes sense, usage doesn't always mean they get more donations/money, but damn.

spencerchubb | 1 year ago
Companies that actually care about security have a more secure solution and don't allow devs to use PyPI.

cjalmeida | 1 year ago
You'd be surprised by the amount of companies handling critical infrastructure that are OK with using PyPI directly.

f1shy | 1 year ago
For example, we have it behind a kind of transparent proxy, where you get only packages which were tested and scanned by a team of experts.

davidshepherd7 | 1 year ago
Could you give some examples of more secure solutions?
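As an added example (not code from any commenter), one building block of the vetting proxy f1shy describes: filter an upstream PEP 503 "simple" index page so that only distributions a review team has allowlisted, with the sha256 the team recorded, are passed on to pip. The allowlist, file host and digests below are constructed placeholders.

```python
import re
from html.parser import HTMLParser

# Constructed allowlist: filename -> sha256 the review team recorded after
# testing/scanning that exact artifact. Digests here are placeholders.
ALLOWLIST = {
    "requests-2.31.0-py3-none-any.whl": "a" * 64,
    "requests-2.31.0.tar.gz": "b" * 64,
}

# Constructed upstream PEP 503 project page, as a mirror would fetch it.
# Link 3 is an unreviewed newer version; link 4 reuses a vetted filename
# but carries a different digest (a tampered or re-uploaded artifact).
UPSTREAM_PAGE = """<html><body>
<a href="https://files.example/requests-2.31.0-py3-none-any.whl#sha256={a}">requests-2.31.0-py3-none-any.whl</a>
<a href="https://files.example/requests-2.31.0.tar.gz#sha256={b}">requests-2.31.0.tar.gz</a>
<a href="https://files.example/requests-2.32.0-py3-none-any.whl#sha256={c}">requests-2.32.0-py3-none-any.whl</a>
<a href="https://files.example/requests-2.31.0-py3-none-any.whl#sha256={d}">requests-2.31.0-py3-none-any.whl</a>
</body></html>""".format(a="a" * 64, b="b" * 64, c="c" * 64, d="d" * 64)

HASHED_LINK = re.compile(r"^(?P<url>[^#]+)#sha256=(?P<digest>[0-9a-f]{64})$")


class _LinkCollector(HTMLParser):
    """Collect href attributes of <a> tags from a simple-index page."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)


def filter_index(page_html, allowlist):
    """Return only links whose filename AND sha256 fragment match the allowlist."""
    parser = _LinkCollector()
    parser.feed(page_html)
    kept = []
    for href in parser.links:
        m = HASHED_LINK.match(href)
        if not m:
            continue  # no hash fragment: never serve an unverifiable file
        filename = m.group("url").rsplit("/", 1)[-1]
        if allowlist.get(filename) == m.group("digest"):
            kept.append(href)
    return kept


def render_index(links):
    """Re-emit a minimal simple-index page containing only the kept links."""
    anchors = "\n".join(
        f'<a href="{h}">{h.split("#", 1)[0].rsplit("/", 1)[-1]}</a>' for h in links
    )
    return f"<html><body>\n{anchors}\n</body></html>"
```

Because the digest in the link fragment must equal the one the team recorded, a swapped artifact under a vetted filename is dropped, and pip run with --require-hashes against the filtered page gets a second, independent check.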