Even though this is the correct thing to do, I don't like it that this book got a special treatment. Will other books that have received bad reviews from non-verified purchasers have those reviews removed?
The 4 hour rule sounds VERY annoying. It means for example I'll be forced to type my passcode after waking up. So many years of Touch ID will make such a burden UNBEARABLE.
I think that's a misinterpretation. Here is the full quote:
> You’ll also get a passcode request if you haven’t unlocked the phone using a passcode or at all in 6.5 days and if Face ID hasn’t unlocked it in 4 hours.
You already need a password if you haven't used TouchID in 48 hours.
This rule seems to exist to make sure you have to enter your password after about a week if by then you go over 4 hours without using FaceID.
You don't need to use a password any time you go more than 4 hours. I agree that would be insane and would be much stricter than what they apply to TouchID (which they say is less secure).
EDIT: I notice the GP's comment seems to have been edited since the time you posted yours.
That's not the way I understand it. I read it as "you'll need the pass if you haven't unlocked with touch id in 6.5 days AND you'll need the pass if you haven't unlocked with face id in 4 hours"
This interpretation is very unlikely, given that it would be redundant with the first bullet point: "If you haven’t used Face ID in 48 hours [...] it will ask for a passcode".
Assuming that Apple engineers aren't stupid, the correct interpretation is "we want people to enter their passwords at least once a week so they don't forget them, but we also don't want to bother them if they're in the middle of something". So yes, once a week, you will be forced to type your password upon waking up.
I read it as "you need to enter your password if you haven't used your phone in a week, but if you use your phone every day, you only have to enter your password after each reboot"
That part was worded in a bit of a clumsy manner I think. It is in combination with not entering the passcode in X many days, as it already is with Touch ID (You may have already experienced this occasionally - waking up and randomly needing to enter your passcode instead of being able to use Touch ID).
The problem is that the vetting process of PyPI is completely inexistant. This has happened many times in the past, the last time I remember they uploaded a few libraries called "bs4" and stuff like that.
This is correct. In general, though, most packages don't rely on urllib3 directly, but on `requests`, which uses urllib3 but provides a friendlier API and built-in SSL cert verification.
It's not generally true that built-in packages which also appear on PyPI are malicious.
Many batteries-included packages are also maintained outside of CPython. This is because: (1) in many cases they existed outside prior to being included in CPython, (2) they can experiment with new features before they're included in the CPython version of their package.
