Turritopsis Dohrnii Teo En Ming <tdtemc...@gmail.com> ezt írta (időpont: 2022. máj. 25., Sze, 15:49):
> Subject: Popular Python Package 'ctx' Hijacked to Steal AWS Keys > > Good day from Singapore, > > Sharing this article for more awareness. > > Article: Popular PyPI Package 'ctx' and PHP Library 'phpass' Hijacked > to Steal AWS Keys > Link: > https://thehackernews.com/2022/05/pypi-package-ctx-and-php-library-phpass.html > > Thank you. > > Regards, > > Mr. Turritopsis Dohrnii Teo En Ming > Targeted Individual in Singapore > 25 May 2022 Wed > -- > https://mail.python.org/mailman/listinfo/python-list Hi All, it's got to my mind that PYPA, community, and developers should develop some mechanism to protect against similar threats. For example security checkers could be added to the upload flow, before a package appears, and becomes downloadable. Compiled parts should be allowed only in source, and security checkers would check those too, and compile from source and publish package only after these checks executed and did not found any harmful thing. BR, George -- https://mail.python.org/mailman/listinfo/python-list
