[PSF-Community] Dangerous PyPI packages and PSF
Bruno Rocha
rochacbruno at gmail.com
Thu May 4 19:41:08 EDT 2017
Hi,
I just read this on Reddit[0], a thread asking if PyPI packages are audited,
and somebody pointed to `python-nation`[1], which is a harmful and useless
module, installing itself and sending the `/etc/passwd` content to an external
endpoint.
The app receiving the data is hosted at http://python-nation.herokuapp.com
and as the PSF mission [2] says:
"The mission of the Python Software Foundation is to promote, protect, and
advance the Python programming language"
I wonder if there is some workgroup at the PSF to handle this? And not only
the specific case of `python-nation`, which should be deleted and the user
banned maybe, but also to handle the audit of other packages?
[0] https://www.reddit.com/r/Python/comments/697da2/does_pypi_review_code_thats_uploaded/
[1] https://www.reddit.com/r/Python/comments/697da2/does_pypi_review_code_thats_uploaded/dh4uyf8/
[2] https://www.python.org/psf/mission/
Cheers,
--
*Bruno Rocha - @rochacbruno <http://twitter.com/rochacbruno>*
http://brunorocha.org