> a latent assumption within the model has always been that you vet your package... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ajross 5 months ago \| parent \| context \| favorite \| on: PyPI Prohibits inbox.ru email domain registrations > a latent assumption within the model has always been that you vet your packages before installing them That is precisely the broken part. There are thousands of packages in my local python venv. No, I didn't "vet" them, are you serious? And I'm a reasonably expert consumer of the form!

woodruffw 5 months ago | [–]

On re-read, I think we're in agreement -- what you're saying is "broken" is me saying "people assuming things they shouldn't have." But that's arguably not a reasonable assumption on my part either, given how extremely easy we've made it to pull arbitrary code from the Internet.

jowea 5 months ago | [–]

Just have faith in Linus' Law.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact