On 18 February 2018 at 03:48, Lele Gaifax <l...@metapensiero.it> wrote:
> Nathaniel Smith <n...@pobox.com> writes:
>
>> What do you mean by a "spam package"? I guess it might be covered
>> under this section:
>>   https://www.python.org/dev/peps/pep-0541/#invalid-projects
>>
>> -n
>
> Today lots of packages like the following appeared on PyPI:
>
> https://pypi.python.org/pypi/Kim-Kardashian-Hollywood-Hack-Cheats-tars-Cash-Energy-Genearator-Online-2018/1.1.2
>
> Sooner or later we should find a solution, otherwise the index will become a
> rubbish receptacle.

The incident report (and response status updates) for the current spam
attack can be found here:
https://status.python.org/incidents/mgjw1g5yjy5j

While we have some ideas for tools and techniques to help crowdsource
discovery of problematic packages (e.g.
https://github.com/pypa/warehouse/issues/2268), that's a design &
implementation question for PyPI as a service, rather than something
that needs to be captured in a PSF policy document (and PEP 541 is the
latter, hence the slightly modified approval process that involves the
PSF more explicitly).

Cheers,
Nick.

-- 
Nick Coghlan   |   ncogh...@gmail.com   |   Brisbane, Australia
_______________________________________________
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
