Mattia Verga via devel wrote:
> I'm just wondering: what's the benefit of packaging Python noarch
> projects in Fedora?
[...]
> In what way is different from installing them by pip?

· Users can install and use programs without caring about what programming language they are written in.

· Programs can depend on other programs written in other languages.

· Users don't need to run pip to check for Python program updates, cpan to check for Perl program updates, npm to check for JavaScript program updates, gem to check for Ruby program updates, and so on and so forth. They can get all their updates with a single "yum update".

· It's easy to set traps on PyPI that trick users into downloading malware. I've never heard about any such problem in the Fedora repository.

https://arstechnica.com/information-technology/2016/06/college-student-schools-govs-and-mils-on-perils-of-arbitrary-code-execution/
https://arstechnica.com/information-technology/2017/09/devs-unknowingly-use-malicious-modules-put-into-official-python-repository/
https://arstechnica.com/information-technology/2018/10/two-new-supply-chain-attacks-come-to-light-in-less-than-a-week/
https://arstechnica.com/information-technology/2021/02/supply-chain-attack-that-fooled-apple-and-microsoft-is-attracting-copycats/

Björn Persson