[Catalog-sig] bad package that's fishing bitbucket emails
Robert Kern
robert.kern at gmail.com
Thu Mar 29 13:19:32 CEST 2012
On 3/29/12 11:56 AM, M.-A. Lemburg wrote:
> M.-A. Lemburg wrote:
>> Michael Foord wrote:
>>> Hello mt,
>>>
>>> It doesn't appear to be a clone, but embedding bitbucket - and the Python package *seems* genuine.
>>
>> The site hosts an illegal copy of the bitbucket site and redirects the logins
>> not to bitbucket, but to the code.thejeshgn.com:
>>
>> http://code.thejeshgn.com/account/signin/
>>
>> Needless to mention that the login info is sent in clear as well...
>>
>> I think we should inform Atlassian about this.
>
> Looks like he cloned bitbucket for all his bitbucket repos:
>
> http://code.thejeshgn.com/
>
> and happily proxies requests through his site.
Are we sure this is not just an instance of this supported feature of Bitbucket?
http://confluence.atlassian.com/display/BITBUCKET/Using+your+Own+bitbucket+Domain+Name
--
Robert Kern
"I have come to believe that the whole world is an enigma, a harmless enigma
that is made terrible by our own mad attempt to interpret it as though it had
an underlying truth."
-- Umberto Eco
More information about the Catalog-SIG
mailing list