[Catalog-sig] bad package that's fishing bitbucket emails
m t
dreamabyss at hotmail.com
Thu Mar 29 13:37:28 CEST 2012
the other question is whether there are any others in pypi, and how to effectively detect them
mt
On Mar 29, 2012, at 4:06 AM, Michael Foord wrote:
>
> On 29 Mar 2012, at 12:04, Yuval Greenfield wrote:
>
>> I really dislike this tomfoolery with bitbucket, you can see that jgrid.org is also a DNS redirection or something. It's bad security practice by bitbucket to allow this imo.
>>
>> Users should be trained for consistent address bars with HTTPS only, not all these useless copies with strange URLs.
>>
>
>
> That's not relevant as to whether or not the package in question should be removed from PyPI though.
>
> Michael
>
>> Yuval
>>
>> On Thu, Mar 29, 2012 at 12:56 PM, M.-A. Lemburg <mal at egenix.com> wrote:
>> M.-A. Lemburg wrote:
>>> Michael Foord wrote:
>>>> Hello mt,
>>>>
>>>> It doesn't appear to be a clone, but embedding bitbucket - and the Python package *seems* genuine.
>>>
>>> The site hosts an illegal copy of the bitbucket site and redirects the logins
>>> not to bitbucket, but to the code.thejeshgn.com:
>>>
>>> http://code.thejeshgn.com/account/signin/
>>>
>>> Needless to mention that the login info is sent in clear as well...
>>>
>>> I think we should inform Atlassian about this.
>>
>> Looks like he cloned bitbucket for all his bitbucket repos:
>>
>> http://code.thejeshgn.com/
>>
>> and happily proxies requests through his site.
>>
>>>> The correct place to report issues with pypi is the tracker (no-one on this webmaster alias is involved in the administration of pypi):
>>>>
>>>> http://sourceforge.net/tracker/?group_id=66150&atid=513503
>>>>
>>>> For *discussing* PyPI issues, which seems wise for this particular question, the catalog-sig email list is the right place:
>>>>
>>>> http://www.python.org/community/sigs/current/catalog-sig/
>>>>
>>>> I've copied them in on this email
>>>>
>>>> All the best,
>>>>
>>>> Michael Foord
>>>>
>>>> On 29 Mar 2012, at 11:15, m t wrote:
>>>>
>>>>> hi,
>>>>> this package in pypi doesn't redirect to bitbucket, but a cloned site that fishes bitbucket emails:
>>>>> http://pypi.python.org/pypi/Octopoda/.0.1
>>>>>
>>>>> might want to look into it,
>>>>> mt
>>>>>
>>>>
>>>>
>>>> --
>>>> http://www.voidspace.org.uk/
>>>>
>>>>
>>>> May you do good and not evil
>>>> May you find forgiveness for yourself and forgive others
>>>> May you share freely, never taking more than you give.
>>>> -- the sqlite blessing
>>>> http://www.sqlite.org/different.html
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Catalog-SIG mailing list
>>>> Catalog-SIG at python.org
>>>> http://mail.python.org/mailman/listinfo/catalog-sig
>>>
>>
>> --
>> Marc-Andre Lemburg
>> eGenix.com
>>
>> Professional Python Services directly from the Source (#1, Mar 29 2012)
>>>>> Python/Zope Consulting and Support ... http://www.egenix.com/
>>>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
>> ________________________________________________________________________
>> 2012-04-03: Python Meeting Duesseldorf 5 days to go
>>
>> ::: Try our new mxODBC.Connect Python Database Interface for free ! ::::
>>
>>
>> eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
>> D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
>> Registered at Amtsgericht Duesseldorf: HRB 46611
>> http://www.egenix.com/company/contact/
>>
>
>
>