Hi,

I just read this on reddit[0], a thread asking if PyPI packages are audited,
and somebody pointed out `python-nation`[1], which is a harmful and useless
module, installing itself and sending the `/etc/passwd` content to an external
endpoint.

The app receiving the data is hosted at http://python-nation.herokuapp.com

and as the PSF mission [2] says:

"The mission of the Python Software Foundation is to promote, protect, and
advance the Python programming language"

I wonder if there is some workgroup at PSF to handle this? And not only
the specific case of `python-nation`, which should be deleted and the user
banned maybe, but also to handle the audit of other packages?


[0] https://www.reddit.com/r/Python/comments/697da2/does_pypi_review_code_thats_uploaded/
[1] https://www.reddit.com/r/Python/comments/697da2/does_pypi_review_code_thats_uploaded/dh4uyf8/
[2] https://www.python.org/psf/mission/


Cheers,

-- 

*Bruno Rocha - @rochacbruno <http://twitter.com/rochacbruno>*
http://brunorocha.org
_______________________________________________
PSF-Community mailing list
PSF-Community@python.org
https://mail.python.org/mailman/listinfo/psf-community
