On 5 May 2017 at 09:41, Bruno Rocha wrote:
> Hi,
>
> I just read this on Reddit[0], a thread asking if PyPI packages are audited,
> and somebody pointed out `python-nation`[1], which is a harmful and useless
> module, installing itself and sending the `/etc/passwd` content to
On 5 May 2017 at 14:10, Gregory P. Smith wrote:
> This is not a solvable problem. IMNSHO we should never attempt to implement
> pre-screening of packages.
>
> It is a good post-package-upload task for someone to try and do as a
> research project.
>
> Automated code scanning can