re: Why doesn't the python package manager (PIP) have package signing feature?

Comment marked as low quality/non-constructive by the community

Pointless, researchless, shit post. You don't need to sign it to be sure. Just look through it? Lazy man's problem.


I've made an account just to respond to your problematic comment. I'm not going to respond to the validity of the author's concerns but if you think that someone could look through a package that contains tens/hundreds of thousands of lines of code, and do that for every package they utilize and then every time they upgrade those packages, then you are delusional. Signing/verifying is a very important aspect of infosec, something you have clearly not researched whatsoever.
