Reply to post:

Python Package Index found stuffed with AWS keys and malware

AndrueC Silver badge

I don't think it's reasonable to expect all software developers to understand everything they use. That would be like demanding that electricians build their own soldering irons and power supplies.

For software development to thrive we have to have tools that can just be grabbed off the shelf and slotted into place. The fact those tools can't be trusted is a serious concern but I don't think that expecting every software developer to understand what those libraries do is the answer. The answer is to come up with a system that ensures we can trust those libraries.
