Re: Open source archives hosting malicious software packages

2017-09-21 Thread David Precious
On Fri, 22 Sep 2017 01:00:22 +1200 Kent Fredric wrote:
> On 22 September 2017 at 00:11, David Cantrell wrote:
>
> > But is anyone paying attention? I assume you're talking about
> > #cpantesters, which I'm on, but I hardly ever look at it, and

Re: Open source archives hosting malicious software packages

2017-09-21 Thread Kent Fredric
On 22 September 2017 at 00:11, David Cantrell wrote:
> But is anyone paying attention? I assume you're talking about
> #cpantesters, which I'm on, but I hardly ever look at it, and when I do
> look I certainly don't look at scrollback, let alone looking at
> scrollback

Re: Open source archives hosting malicious software packages

2017-09-21 Thread David Cantrell
On Wed, Sep 20, 2017 at 11:13:50PM +0100, David Precious wrote:
> One thing I think is good to consider is the fact that all CPAN releases
> get announced on a quite populated IRC channel, increasing the chance of
> someone spotting a release announcement and thinking "hmm, that looks
> dodgy" -

Re: Open source archives hosting malicious software packages

2017-09-21 Thread Kent Fredric
On 21 September 2017 at 20:24, Neil Bowers wrote:
> I’ll tweak my script to not worry about packages in the same distribution
> (eg Acme::Flat::GV and Acme::Flat::HV). Then I just need to get a list of
> new packages each day, and I’m just about there :-)

I'd probably

Re: Open source archives hosting malicious software packages

2017-09-21 Thread Neil Bowers
> Would anyone know of any prior art for detection of "short edit distances"?
> (Perhaps even already on CPAN?)

As David & Zefram pointed out, Levenshtein is the classic algorithm for this, but there are plenty of others; in the SEE ALSO for Text::Levenshtein I’ve listed at least some of the