(blog.pypi.org)

61 points harporoeder | 2 comments | 17 Oct 24 20:03 UTC | HN request time: 0.4s | source

1. badgersnake ◴[17 Oct 24 21:50 UTC] No.41874174[source]▶

Most people do security badly so let’s not do it at all.

Right.

2. otikik ◴[17 Oct 24 22:29 UTC] No.41874455[source]▶

Unfortunately we live in a world of limited time and resources, and priorities need to be adjusted accordingly.

Honestly, I would put the blame on PGP. It has a … special UX. I tried to use it in 3 separate occasions, and ended up doing something else (probably less secure) because I would couldn’t manage to make the damn thing work. I might not be a genius, but I am also not completely stupid.

↑

Removing PGP from PyPI (2023)