On Sun, Jan 30, 2022 at 12:44 PM Ralf Gommers <ralf.gomm...@gmail.com> wrote:
> > > On Mon, Jun 14, 2021 at 3:22 AM Charles R Harris < > charlesr.har...@gmail.com> wrote: > >> >> >> On Sun, Jun 13, 2021 at 10:47 AM Ralf Gommers <ralf.gomm...@gmail.com> >> wrote: >> >>> Hi all, >>> >>> FYI, I noticed this package that claimed to be maintained by us: >>> https://pypi.org/project/numpy-aarch64/. That's not ours, so I tried to >>> contact the author (no email provided, but guessed the same username on >>> GitHub) and asked to remove it: >>> https://github.com/tomasriv/DNA_Sequence/issues/1. >>> >>> There are a very large number of packages with "numpy" in the name on >>> PyPI, and there's no way we can audit/police that effectively, but if it's >>> a rebuild that pretends like it's official then I think it's worth doing >>> something about. It could contain malicious code for all we know. >>> >>> >> That is a pretty misleading package description, would have fooled me if >> I didn't know better. I didn't get the impression it was malicious, but >> still . . >> > > Hard to know whether it was malicious or not. > > I finally filed a PyPI issue to hand over the package to me so I can > delete the wheel and replace the README: > https://github.com/pypa/pypi-support/issues/1635 > To close the loop on this: I just received admin access to the package and deleted the one release for it, so the name is now safe (I won't release it, just sit on it). Cheers, Ralf
_______________________________________________ NumPy-Discussion mailing list -- numpy-discussion@python.org To unsubscribe send an email to numpy-discussion-le...@python.org https://mail.python.org/mailman3/lists/numpy-discussion.python.org/ Member address: arch...@mail-archive.com
