科技回声

Link to the report: <a href="https://github.com/trailofbits/publications/blob/master/reviews/2023-09-pypi-warehouse-securityreview.pdf">https://github.com/trailofbits/publications/blob/master/revi...</a><p>They seem to not have analysed client-side of PIP itself, but I suppose there isn't anything you could say that isn't already obvious to everyone.

My understanding reading the report is that the audit is for PyPI code and infrastructure itself and not the packages it hosts. Am I right?

Congrats! Thanks for trailblazing and being transparent to help other central registries follow.

How much does an audit cost?

Good to know. But how often are they going to do it ? Is it going to be an annual event from now on ?

My understanding reading the report is that the audit is for PyPI code and infrastructure itself and not the packages it hosts. Am I right?

Congrats! Thanks for trailblazing and being transparent to help other central registries follow.

How much does an audit cost?

Good to know. But how often are they going to do it ? Is it going to be an annual event from now on ?

PyPI has completed its first security audit

5 条评论

PyPI has completed its first security audit

5 条评论