id,summary,reporter,owner,description,type,status,priority,component,severity,resolution,keywords,cc
177,Secirity risk: easy_install reads a wiki page to get tarball path,upadhyay@…,xi,"This is a *huge* security risk. Anyone can modify the wiki page: http://pyyaml.org/wiki/PyYAML, adding a malicious tarball location, that will be downloaded by easy_install and run as root on everyone who tries to install PyYAML. 

At the very least please make the wiki page editable by only few people. Or make the pypi download location point to something more ""reliable"". ",defect,closed,highest,pyyaml,blocker,fixed,,