I suspect malicious phone-home (and other deliberately malicious security) 
stuff would be very difficult to automatically test for, as you're then in a 
Volkswagen situation and you'll be entering into an arms race with anyone who 
is taking such malicious actions.

For other aspects, I'm afraid I don't know of anything beyond manual checking. 
This could be something interesting to suggest for a PyCon UK sprint though, 
unless anyone finds anything useful before then? I'm not sure how easy 
automated tool checks would be for it, but at least a list of things to analyse 
for Python packages would be nice.

Thanks,
S

On 27/07/17 01:16, Michael Grazebrook wrote:
It's a question which interests me too. If you find some good resources, could 
you post them to this group?

Do you know how much checking is done on the ActiveState and Anaconda 
distributions?

On 27 July 2017 at 00:17:33 +01:00, p...@getaroundtoit.co.uk wrote:
Are you able to recommend materials which deal with the *management 
precautions* one should take in reviewing a third-party package before 
use/inclusion in a wider system, please?


There are plenty of resources available which deal with the coding-technical 
side of things, e.g. dir(), help(), PSL's inspect.py, etc.

This enquiry encompasses those, but I am particularly interested in security: 
back-doors, phoning-home, and other 'nasties'; license management; any costs; 
citation; etc.


Will welcome references to articles, tutorials, check-lists, etc...

--
Regards,
=dn
_______________________________________________
python-uk mailing list
python-uk@python.org
https://mail.python.org/mailman/listinfo/python-uk



