Author petr.viktorin
Recipients docs@python, hroncok, jack__d, lukasz.langa, miss-islington, petr.viktorin
Date 2021-08-04.09:21:58
Message-id <1628068918.42.0.880083894894.issue44756@roundup.psfhosted.org>
Content
The issue this (or lack of communication about it) caused in rc1 is tracked in https://bugs.python.org/issue44823

> @petr.viktorin a whatsnew entry was added, what more notice could have been provided?

Ideally, the python-dev mailing list (or Discourse).

> pip install sphinx blurb python-docs-theme
> If running that is ever unsafe, we have big problems!

Who is "we"?
We do have big problems. Anyone who can upload wheels for sphinx blurb python-docs-theme or any of their dependencies (or anyone who has their credentials) can now easily put code on machines of CPython developers.

For example, PyPI doesn't guarantee that wheels correspond to sources. "Markupsafe" is particularly dangerous because the wheels are platform-specific and have compiled code, so tampering is nearly undetectable. (But if another dependency starts using platform-specific wheels, I don't think anyone would notice.)
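
A check that would notice the case raised in the message above, a dependency starting to ship platform-specific wheels. This is an added example, not part of the original message or of CPython's tooling. It compares two sets of wheel filenames, such as those fetched by `pip download` on two dates; the filenames and versions are constructed, and `example_dep` is a hypothetical package.

```python
import re

# PEP 427 wheel filename: name-version[-build]-pytag-abitag-platformtag.whl
WHEEL_RE = re.compile(
    r"^(?P<name>[^-]+)-(?P<version>[^-]+)(?:-(?P<build>\d[^-]*))?"
    r"-(?P<py>[^-]+)-(?P<abi>[^-]+)-(?P<plat>[^-]+)\.whl$"
)

def parse_wheel(filename):
    """Split a wheel filename into its PEP 427 components."""
    m = WHEEL_RE.match(filename)
    if m is None:
        raise ValueError(f"not a PEP 427 wheel filename: {filename!r}")
    return m.groupdict()

def is_platform_specific(filename):
    """True when the ABI or platform tag is not generic, so the wheel
    may carry compiled code that cannot be read as Python source."""
    tags = parse_wheel(filename)
    return tags["abi"] != "none" or tags["plat"] != "any"

def normalize(name):
    """PEP 503 project-name normalization."""
    return re.sub(r"[-_.]+", "-", name).lower()

def newly_platform_specific(previous, current):
    """Projects with a platform-specific wheel in `current` that had none
    in `previous` (changed packaging, or a new binary dependency)."""
    def binary_projects(files):
        return {normalize(parse_wheel(f)["name"])
                for f in files if is_platform_specific(f)}
    return sorted(binary_projects(current) - binary_projects(previous))

# Constructed sample: wheel sets from two hypothetical docs-build snapshots.
PREVIOUS = [
    "Sphinx-4.1.2-py3-none-any.whl",
    "python_docs_theme-2021.5-py3-none-any.whl",
    "MarkupSafe-2.0.1-cp39-cp39-manylinux2010_x86_64.whl",
    "example_dep-1.0-py3-none-any.whl",
]
CURRENT = [
    "Sphinx-4.1.2-py3-none-any.whl",
    "python_docs_theme-2021.5-py3-none-any.whl",
    "MarkupSafe-2.0.1-cp39-cp39-manylinux2010_x86_64.whl",
    "example_dep-1.1-cp39-cp39-manylinux2010_x86_64.whl",
]

if __name__ == "__main__":
    for project in newly_platform_specific(PREVIOUS, CURRENT):
        print(f"review needed: {project} now ships compiled wheels")
```
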
History
Date User Action Args
2021-08-04 09:21:58  petr.viktorin  set  recipients: + petr.viktorin, docs@python, lukasz.langa, hroncok, miss-islington, jack__d
2021-08-04 09:21:58  petr.viktorin  set  messageid: <1628068918.42.0.880083894894.issue44756@roundup.psfhosted.org>
2021-08-04 09:21:58  petr.viktorin  link  issue44756 messages
2021-08-04 09:21:58  petr.viktorin  create