Deployment for the Lazy and Paranoid
Erik Rose
- Audience level: Novice
- Category: Security
Description
Deploying Python projects is a pain for the security-conscious. Authors can change their PyPI packages without revving the version numbers, and PyPI or its CDN could be hacked and send you malicious packages. Historically, we've fought this by running our own index servers or by using vendor libs: both harder than just "pip install". "peep install", however, makes this problem go away.