
Downloading package dependencies from locked down machine


On 7/27/20 7:33 PM, Igor Korot wrote:
> Hi,

>> The issue is that the IT department thinks that installing the full
>> power of Python scripting on an Internet facing machine is inconsistent
>> with the "Cyber Essentials Plus" accreditation that they need to win
>> Government contracts.

> Coming from experience working with the Government Contractor first hand,
> they have to have an approved list of software people can work with.
> 
> Ask to provide that list.
> Now such a list is provided by the Security Office and it does not
> come from the IT department.
> 
> You can actually go and check this list yourself. Check with your company
> FSO.
> 
> I can assure you python will definitely be on that list.
> It's possible that some python modules may not be there but the
> language/interpreter will.

US Government entities use Python extensively.  *Some* are forced to use
a special "restricted" version of Python, the mythical FIPS-Compliant
version, that removes your ability to use a few things, notably the md5
hash because it's been deemed "insecure" (even if you're not using it
for cryptographic purposes, it's just banned).