I can’t figure out whether I’ll bear any risk in terms of malicious software & security if I download mysqlclient-python from here https://pypi.python.org/pypi/mysqlclient? Is mysqlclient-python provided in PyPI reliable in your opinion? I want to install mysqlclient in my global Python environment, not virtualenv.
I’ve started learning Python. I want to try Django framework and Mysql database. I’ve already installed them. I know that PyPI is a third party repository, and everyone with a bit of experience can write and upload their package to PyPI.
Is it safe to install mysqlclient, using pip and PyPI?
Having that in mind, you certainly bear all risks by downloading and installing anything from the internet. Not a long time ago, neither setuptools nor pip could verify SSL certificates and most of communication was over plain HTTP. It’s a usual and good practice to test all the software you are going to use in production environment somewhere in an isolated environment, and set up your production environment from an internal repository of packages already tested by you. Any package management software allows specifying a custom repository to install from.