Posts: 1,298
Threads: 38
Joined: Sep 2016
As far as I know, there are no security measures at the moment (for any repository, for that matter). The best method would be to read the code which, of course, can be impractical. Stick with well-known packages; if you have a package with 50,000 downloads and another with 1 download, you'd probably be better served using the first. Running your code in a virtual environment may also afford you some level of protection. Make sure you are installing the "correct" package. There are a number of packages with similar names. So, for example, make sure you install "scipy" and not "scipi". As with any software, the best security is to be smart and use common sense. When in doubt, don't!
If it ain't broke, I just haven't gotten to it yet.
OS: Windows 10, openSuse 42.3, freeBSD 11, Raspbian "Stretch"
Python 3.6.5, IDE: PyCharm 2018 Community Edition
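The "scipy" vs "scipi" advice above can be turned into a pre-install check. The script below is an added example, not code from the forum post or from pip: it normalises requested names the way PyPI does (PEP 503) and flags near-misses of a constructed allowlist of well-known packages so a typo-squat candidate gets a human look before it is installed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed allowlist (assumption: in practice this is your own vetted list
# of packages, e.g. the high-download ones the post recommends sticking with).
KNOWN_PACKAGES = {"scipy", "numpy", "requests", "urllib3", "python-dateutil", "pyyaml"}

def normalize(name: str) -> str:
    """PEP 503 normalisation: lower-case, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance with the standard two-row dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

@dataclass
class Verdict:
    requested: str
    status: str              # "known", "suspicious" or "unknown"
    closest: Optional[str]   # the allowlisted name it matched or nearly matched

def check_package(requested: str, known=KNOWN_PACKAGES, max_distance: int = 2) -> Verdict:
    """Exact allowlist hit -> known; within max_distance edits of an allowlisted
    name -> suspicious (likely typo or typo-squat); anything else -> unknown."""
    req = normalize(requested)
    known_norm = {normalize(k): k for k in known}
    if req in known_norm:
        return Verdict(requested, "known", known_norm[req])
    best = min(known_norm, key=lambda k: edit_distance(req, k))
    if edit_distance(req, best) <= max_distance:
        return Verdict(requested, "suspicious", known_norm[best])
    return Verdict(requested, "unknown", None)

def check_requirements(lines):
    """Apply check_package to requirements-style lines such as 'scipi==1.1.0'."""
    results = []
    for line in lines:
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        name = re.split(r"[=<>!~\[; ]", line, maxsplit=1)[0]
        results.append(check_package(name))
    return results

if __name__ == "__main__":
    sample = ["scipy==1.1.0", "scipi", "Requests>=2.0  # http client", "flask"]  # constructed
    for v in check_requirements(sample):
        print(f"{v.requested:>10}: {v.status} (closest known: {v.closest})")
```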
(Aug-23-2017, 12:41 PM)metulburr Wrote: butbucket
Seriously? I would not want to download anything from there
I should mention, there has been (is?) an ongoing effort towards security using The Update Framework (TUF) see more here:
TUF
and Python's "pip" here:
pip and TUF