requestes

Release 0.0.1

Python Module Security Admonition

Homepage PyPI Python

License
BSD-3-Clause
Install
pip install requestes==0.0.1

Documentation

Python Module Security Admonition

If you are reading this admonition while running pip, I'd like to take this time to inform you that you just ran arbitrary code from the untrusted internet (maybe even as root?). The fact that this was so easy is a bit of a problem.

Remember when RubyGems.org got compromised and was down since they weren't sure whether there were any problems with the gems themselves? That could have just as easily been PyPI. Adding SSL to PyPI and certificate checking to pip were big steps forward, but we need to make shipping and installing modules securely even easier. I'm not sure whether that means developer certificates or package signing or something else, but we need to find a way to run only trusted code. As long as a one character typo can root your box, the problem persists.

https://github.com/davidfischer/requestes

Stats

Dependencies
0
Dependent packages
2
Dependent repositories
4
Total releases
1
Latest release
First release
Stars
1
Forks
1
Watchers
2
Contributors
1
Repository size
97.7 KB
SourceRank
2

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.0.1

Contributors

David Fischer


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-12-15 14:31:40 UTC

Login to resync this project