setup.py downloads possibly evil file via unsecured connection #1410
Comments
Bear binary would solve this to some extent. On Thu, Feb 11, 2016 at 7:10 PM, Lasse Schuirmann notifications@github.com
Yes, that is related, though it only moves the problem to some other script.
To solve that cleanly imo we have two options:
I consider the SourceForge link in our setup.py a trusted source (even without a secured connection). So I would say this bug has low priority and, as @AbdealiJK states, we will someday move bears to their own package/repository where we could concentrate more on that dependency handling.
This issue was moved to coala/coala-bears#48
I got this comment on my blog recently:
And I think we should think about that. We're downloading checkstyle.jar there, which shouldn't be evil. Compiling it from source, though, sounds like something to be avoided IMO.
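
One way to address the concern raised in this issue, as an added example that is not coala's setup.py code: fetch the jar only over HTTPS and keep it only if it matches a SHA-256 digest pinned in the repository. The names `fetch_verified` and `IntegrityError`, the `example.invalid` URL and the sample bytes are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
import urllib.request
from urllib.parse import urlsplit


class IntegrityError(Exception):
    """Raised when a download fails the transport or digest check."""


def fetch_verified(url, expected_sha256, dest, opener=urllib.request.urlopen):
    """Save url to dest only if it is HTTPS and matches the pinned SHA-256."""
    # Transport check is defence in depth; the pinned digest is the guarantee.
    if urlsplit(url).scheme != "https":
        raise IntegrityError("refusing non-HTTPS URL: " + url)
    digest = hashlib.sha256()
    dest_dir = os.path.dirname(os.path.abspath(dest))
    # Stream into a temp file in the target directory so a rejected
    # download never appears under the final name.
    fd, tmp_path = tempfile.mkstemp(dir=dest_dir, suffix=".part")
    try:
        with os.fdopen(fd, "wb") as tmp, opener(url) as resp:
            for chunk in iter(lambda: resp.read(65536), b""):
                digest.update(chunk)
                tmp.write(chunk)
        # The digest is public, so a plain comparison is sufficient here.
        if digest.hexdigest() != expected_sha256.lower():
            raise IntegrityError("SHA-256 mismatch for " + url)
        os.replace(tmp_path, dest)  # publish only after verification
    except BaseException:
        if os.path.exists(tmp_path):
            os.remove(tmp_path)
        raise
    return dest


if __name__ == "__main__":
    import io
    data = b"constructed sample bytes"  # constructed stand-in for the jar
    pin = hashlib.sha256(data).hexdigest()  # in practice, committed to the repo
    out = os.path.join(tempfile.mkdtemp(), "checkstyle.jar")
    print(fetch_verified("https://example.invalid/checkstyle.jar", pin, out,
                         opener=lambda u: io.BytesIO(data)))
```

The `opener` parameter exists only so the check can be exercised without network access; a real setup script would leave it at its default.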