
How is it any different than installing the package via pip? Not only will most people not check the source before running the code, but there is also no way to be sure that the code shipped by pip is the one you read on GitHub...



GP has a leg to stand on only if they regularly audit the contents of their site-packages. Otherwise you're totally right.



