Fishing from PyPI ?

Chris Warrick kwpolska at gmail.com
Mon Aug 6 14:26:58 EDT 2018


On Mon, 6 Aug 2018 at 19:31, MRAB <python at mrabarnett.plus.com> wrote:
> > https://pypi.us18.list-manage.com/track/[snip]
> If you want to be sure, ignore the links in the email, and check PyPI at
> the URL that you know is correct.
>
> Given that the email says "https://pypi.us18.list-manage.com" and PyPI
> is at "https://pypi.org/", it does look suspicious.
> --
> https://mail.python.org/mailman/listinfo/python-list

Those e-mails are legitimate. See [1] and [2].

The unusual domain is a common staple of Mailchimp, which is an e-mail
newsletter platform (it was used to mail out the announcement), and
they replace all links with tracking ones in their list-manage.com
domain. (They also implement the GDPR in an anti-user/pro-spam
fashion, but I digress.)

[1]: https://status.python.org/incidents/nk7cyn2vh4wr
[2]: https://github.com/pypa/warehouse/issues/3632

-- 
Chris Warrick <https://chriswarrick.com/>
PGP: 5EAAEA16
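
An added example (not part of the original message) of the check discussed in this thread: parse each link's hostname and compare it with the domain you already know, treating list-manage.com tracking links as redirectors to confirm through another channel. The allowlists, the `brand` heuristic and the sample body are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# pypi.org and list-manage.com come from the thread; treating them as
# complete allowlists is an assumption of this sketch.
TRUSTED_DOMAINS = {"pypi.org"}
TRACKING_DOMAINS = {"list-manage.com"}   # Mailchimp link-tracking redirector
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample body; only the first two hosts appear in the thread.
SAMPLE_BODY = """\
Announcement: https://pypi.us18.list-manage.com/track/click?u=0&id=0
Project page: https://pypi.org/help/
Constructed lookalike: https://pypi.org.example.net/account/login/
Constructed userinfo form: https://pypi.org@example.net/
"""


def host_under(host, domain):
    """True if host is domain itself or a subdomain of it (dot-bounded)."""
    return host == domain or host.endswith("." + domain)


def classify_link(url, brand="pypi"):
    # urlsplit().hostname drops any userinfo and port, so text before '@' is ignored.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if any(host_under(host, d) for d in TRUSTED_DOMAINS):
        return "trusted"
    if any(host_under(host, d) for d in TRACKING_DOMAINS):
        # Redirector: the URL reveals neither the sender nor the destination,
        # so confirm the announcement through a channel you already trust.
        return "tracking-redirect"
    if brand in host:
        return "lookalike"
    return "untrusted"


def triage(body):
    """Return (url, verdict) for every http(s) link found in an e-mail body."""
    return [(url, classify_link(url)) for url in URL_RE.findall(body)]


if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_BODY):
        print(f"{verdict:18} {url}")
```

A "tracking-redirect" verdict is neither a pass nor a fail: it means the link text cannot settle the question, which is why the reply above points to the status page and the issue tracker instead.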


