There was an ANN for this issue:
[Python-Dev] SK-CSIRT identified malicious software libraries in the official
Python package repository, PyPI
https://mail.python.org/pipermail/python-dev/2017-September/149569.html
[Security-announce] Typo squatting and malicious packages on PyPI

Hi Donald,
On Wed, Oct 25, 2017 at 6:52 PM, Donald Stufft wrote:
> Sorry for the delay in response.
No problem, I know how overwhelmingly busy you are.
> So we actually *do* disallow package names with the same name as stdlib
> modules, however because there are a number of

Sorry for the delay in response.
So we actually *do* disallow package names with the same name as stdlib
modules, however because there are a number of them that exist today and are
useful (asyncio, ssl, etc) the way we’ve implemented this is that *new*
projects cannot be created with the same