PMXBOT Log file Viewer

#pypa-dev logs for Friday the 22nd of March, 2019

[16:09:13] <sumanah> woodruffw: hey did you already know about https://github.com/pypa/warehouse/pull/4949 ? I want you to be aware of it in case it intersects with your work at all
[16:10:33] <woodruffw> sumanah: i didn't! yeah, this looks relevant to the API key work. i'll definitely reference it :-)
[16:11:31] <sumanah> woodruffw: glad to help. steiza ^
[16:12:02] <sumanah> woodruffw: the whole history of https://github.com/pypa/warehouse/issues/994 is long and points at a few other different issues and PRs. might be worth your while to re-review
[16:12:35] <sumanah> I bet you saw a pointer to #4949 and momentarily overlooked it :)
[16:29:33] <sumanah> folks interested in security and PyPI: more details later today, but we prioritized and made progress on a few issues in a chat earlier today https://wiki.python.org/psf/PackagingWG/2019-03-22-Warehouse
[18:51:17] <sumanah> Warehouse security improvements progress report is now up: https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042
[19:39:00] <sumanah> dstufft: could I ask you to review https://github.com/pypa/warehouse/pull/4752 ?
[20:12:48] <sumanah> The only TODOs still remaining from today's call: woodruffw - could you comment on #5584 with your "verifying a tarball's soundness can make it easy to introduce DoSes due to tarbombs" heads-up? https://github.com/pypa/warehouse/issues/5584 Warehouse doesn't check whether uploaded packages ending in tar.gz are actually tarballs
[21:57:26] <woodruffw> done!
[21:59:04] <sumanah> Thanks woodruffw!