Reply to post:

Python Package Index found stuffed with AWS keys and malware

AndrueC Silver badge

I would expect a competent one to be able easily to design and/or construct both of those items.

I'd have thought someone as pedantic as you would have read my post more carefully. What I actually wrote was:

That would be like demanding that electricians build their own soldering irons and power supplies.

Electricians buy the tools and equipment they need without (by and large) wasting their time worrying about how they are constructed. Software developers should be able to do the same with libraries.

Human innovation has always been about wrapping complicated things up in ways such that other people can use them without need to expend the effort gaining the same knowledge. I don't know enough about the internal combustion engine to repair one but that doesn't stop me driving a car. Although I know a lot about telecommunications most people do not and it doesn't stop them using a telephone.

The whole point of a software library is to allow a software developer to leverage some other developer's skill and knowledge. Requiring a user of a library to validate the contents of that library is a poor use of their time.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon