Re: [PSF-Community] Dangerous PyPI packages and PSF

2017-05-05 Thread Nick Coghlan
On 5 May 2017 at 09:41, Bruno Rocha wrote:
> Hi,
>
> I just read this on reddit[0], a thread asking if PyPI packages are audited
> and somebody pointed the `python-nation`[1] which is a harmful and useless
> module, installing itself and sending the `/etc/passwd` content to

Re: [PSF-Community] Dangerous PyPI packages and PSF

2017-05-05 Thread Nick Coghlan
On 5 May 2017 at 14:10, Gregory P. Smith wrote:
> This is not a solvable problem. IMNSHO We should never attempt to implement
> pre screening of packages.
>
> It is a good post-package-upload task for someone to try and do as a
> research project.
>
> Automated code scanning can