Showing content from https://mail.python.org/pipermail/python-dev/2017-September/149571.html below:

[Python-Dev] SK-CSIRT identified malicious software libraries in the official Python package repository, PyPI

Victor Stinner victor.stinner at gmail.com
Fri Sep 15 17:16:34 EDT 2017

An idea for typosquatting would be to compute the Levenshtein
distance with package names of the standard library and the top 100 most
popular PyPI packages, and require contacting a moderation team if the
name is too close to an existing package. The moderation team would
review the email, but also watch the package for 1 month to check
if everything seems fine.

It requires having a list of all package names of the standard
library, and maintaining an up-to-date list of popular PyPI package
names.

It also requires setting up a mailing list, and tooling to report the
error message to users, and then give moderators the right to create
the package. I'm not sure that it's easy to implement.

Victor
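The distance-based pre-check proposed above, as an added example that is not part of Victor's post or of any PyPI code: names are first normalized the way PyPI does (PEP 503), then compared with Levenshtein distance against a protected list, and anything within a threshold is routed to moderators. The protected list is a small constructed sample and the threshold of 2 is an assumed value, chosen for illustration only.

```python
import re

# Constructed sample of protected names: a few standard-library modules plus a
# few popular packages. A real deployment would load the full stdlib module
# list and a maintained top-N list of PyPI packages.
PROTECTED_NAMES = [
    "os", "json", "urllib", "collections", "setuptools",
    "pip", "requests", "urllib3", "numpy", "django", "flask",
]


def normalize(name):
    """PEP 503 normalization: case-fold and collapse runs of -, _ and . to '-'.
    Without this, 'Requests' and 'requests' would look like distinct names."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute), two-row dynamic programming."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def closest_protected(name, protected=PROTECTED_NAMES):
    """Return (protected_name, distance) for the nearest protected name."""
    n = normalize(name)
    return min(((p, levenshtein(n, normalize(p))) for p in protected),
               key=lambda t: t[1])


def check_new_name(name, protected=PROTECTED_NAMES, max_distance=2):
    """Classify a registration request as 'taken' (exact match after
    normalization), 'review' (within max_distance of a protected name, so the
    request is held for the moderation team) or 'allow'.
    Caveat: very short protected names such as 'os' make the threshold match
    many unrelated short names, so a real policy should scale the threshold
    with name length."""
    match, dist = closest_protected(name, protected)
    if dist == 0:
        return "taken", match, dist
    if dist <= max_distance:
        return "review", match, dist
    return "allow", match, dist
```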