On Thu, Mar 27, 2014 at 8:58 PM, Nick Coghlan <ncoghlan at gmail.com> wrote:
> On 27 March 2014 19:10, Maciej Fijalkowski <fijall at gmail.com> wrote:
>> I just find "my company is stupid so let's work around it by putting
>> stuff to python standard library" unacceptable argument for python-dev
>> and all the python community.
>
> Due diligence and prudent risk management are not stupid - most open
> source projects and small companies just don't have the luxury of
> worrying about them, as they're so far down the list of concerns that
> the additional risk of using arbitrary code downloaded off the
> internet doesn't even register.

I don't think anyone's saying it's stupid to be cautious, but more that it's stupid to blindly accept the latest python.org release and *not* accept something from another source. And if that's stupid, well, I'm stupid too - blindly accepting a whole lot of binary package updates because they're on ftp.au.debian.org, for instance. Why do I trust that, and not random sites on the internet? Because I trust the Debian package maintainers to check what goes through, and I trust that there are people with reputations at stake, who won't want to send something dodgy through. It's not perfect, but it's a whole lot easier than checking every single package that goes through.

ChrisA