*"The first is "python3-dateutil," which imitated the popular "dateutil" library. The second is "jeIlyfish" (the first L is an I), which mimicked the "jellyfish" library."* If you read that carefully, it says these 2 libraries imitated the real libraries. It does not say that the original libraries were compromised.
On Thu, Jan 23, 2020 at 7:50 PM Chihurumnaya Ibiam < ibiamchihurumn...@gmail.com> wrote: > Dateutil has been found to contain malicious code, a github search shows > 10+ uses of dateutil in Sugar Labs repos. > > You can read more about it here > > https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/ > _______________________________________________ > Sugar-devel mailing list > Sugar-devel@lists.sugarlabs.org > http://lists.sugarlabs.org/listinfo/sugar-devel >
_______________________________________________ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel