[openstack-dev] [Horizon] the future of angularjs development in Horizon
mrunge at redhat.com
Fri Nov 14 12:48:27 UTC 2014
On 13/11/14 19:11, Donald Stufft wrote:
> As far as I’m aware npm supports TLS the same as pip does. That secures the
> transport between the end users and the repository so you can be assured
> that there is no man in the middle. Security wise npm (and pip) are about
> ~95% (mad up numbers, but you can get the gist) of the effectiveness as the
> OS package managers.
Oh, e.g rpm allows packages to be cryptographically signed, and
depending on your systems config, that is enforced. This is quite
different from just tls'ing a connection.
More information about the OpenStack-dev