Packaging and Security 15 August 2025, 04:09:52 https://alpha-omega.dev/wp-content/uploads/sites/22/2025/08/Python-White-Paper-for-AO-3.pdfThis is a paper on the core security issues that surround package making and package maintaining. Specifically, it outlines "phantom" dependencies, which is troubles we have run into more than once, and tries to address those problem. It is probably worth a read by the Artix packaging crew. I personally find that it makes forms more questions in my mind than in answers.QuotePhantom Dependency” to mean asoftware dependency that wasn’ttracked using packaging metadata,manifests, or lock files. That would seem to include nearly any C library outside of a specific known version of libraries. And specifying library version break so many dependencies and undermines a system that is designed to have version flexibility between minor library upgrades. Quote Selected
Topic: Packaging and Security (Read 453 times)
previous topic - next topic
Topic: Packaging and Security (Read 453 times)
previous topic - next topic