[openstack-dev] [Horizon] the future of angularjs development in Horizon

Matthias Runge mrunge at redhat.com
Fri Nov 14 12:48:27 UTC 2014

On 13/11/14 19:11, Donald Stufft wrote:

> As far as I’m aware npm supports TLS the same as pip does. That secures the
> transport between the end users and the repository so you can be assured
> that there is no man in the middle. Security wise npm (and pip) are about
> ~95% (mad up numbers, but you can get the gist) of the effectiveness as the
> OS package managers.

Oh, e.g rpm allows packages to be cryptographically signed, and
depending on your systems config, that is enforced. This is quite
different from just tls'ing a connection.


More information about the OpenStack-dev mailing list