I suspect malicious phone-home (and other deliberately malicious security) stuff would be very difficult to automatically test for, as you're then in a Volkswagen situation and you'll be entering into an arms race with anyone who is taking such malicious actions.
For other aspects, I'm afraid I don't know of anything beyond manual checking. This could be something interesting to suggest for a PyconUK sprint though, unless anyone finds anything useful before then? I'm not sure how easy automated tool checks would be for it, but at least a list of things to analyse for python packages would be nice. Thanks, S On 27/07/17 01:16, Michael Grazebrook wrote: It's a question which interests me too. If you find some good resources, could you post them to this group? Do you know how much checking is done on the Active State and Anaconda distributions? On 27 July 2017 at 00:17:33 +01:00, p...@getaroundtoit.co.uk<mailto:p...@getaroundtoit.co.uk> wrote: Are you able to recommend materials which deal with the *management precautions* one should take in reviewing a third-party package before use/inclusion in a wider system, please? There are plenty of resources available which deal with the coding-technical side of things, eg dir(), help(), PSL's inspect.py, etc. This enquiry encompasses those, but am particularly interested in security: back-doors, phoning-home, and other 'nasties'; license management; any costs; citation; etc. Will welcome references to articles, tutorials, check-lists, etc... -- Regards, =dn _______________________________________________ python-uk mailing list python-uk@python.org<mailto:python-uk@python.org> https://mail.python.org/mailman/listinfo/python-uk _______________________________________________ python-uk mailing list python-uk@python.org<mailto:python-uk@python.org> https://mail.python.org/mailman/listinfo/python-uk
_______________________________________________ python-uk mailing list python-uk@python.org https://mail.python.org/mailman/listinfo/python-uk
