[Catalog-sig] I removed an egg in pypi

julien tayon julien at tayon.net
Thu Aug 9 17:46:35 CEST 2012


2012/8/9 Pablo Martin <pmartin at yaco.es>:
> Hi,
Hello,

For the future, you can use
http://pypi.python.org/pypi/pypi-stat/1.2.2 : it stores a time series
of a package's stats, uploads, revisions ... locally in an easily
accessible JSON.

btw, I intend for research purposes to upload a malevolent package on
pypi to test the security. Would calling it dont_install be a good idea?
(it would modify a dotfile (.bashrc), delete or create a file in the
PATH, call an outer webservice to simulate an information leak). The
doc would ofc tell DONT INSTALL.

I also want to test the OpenBSD pkg_add (systrace jails/stuff) to
propose an automated installation checking for malevolent stuff this
way.

Cheers,
-- 
Julien

