|
|
|
|
|
|
by IshKebab
534 days ago
|
|
|
This absolutely would be meaningfully addressed by namespaces because the typical use case is PyPI + a private repo you control. Register the namespace in both repos and you're done. If you disagree I would love to hear of a concrete way that solution would be vulnerable. |
|
|
That’s the operative part of “authoritative.” It’s a distributed trust problem, and there’s no particular guarantee that your namespace on one index will be honored by another. Namespacing is great for eliminating scarcity on one index at a time; I don’t think it helps much with this kind of cross-index security.