@remram44 Do you do automated analysis to find oddities? Would be interested to run those scripts myself... I was also thinking about installing all Python packages in a sandbox to automagically analyze if they do bad stuff such as making themselves auto-run, reading your .ssh or .gnupg folder...
Would also be helpful to check a package before blindly installing it.
@balu All I do is unzip the archives to build a database of files. I didn't try to install or run them.
Finding such issues automatically would probably be very difficult...
@remram44 Ok. Would be interesting to use some dynamic analysis techniques as they are used for malware analysis. Yes, I guess this won't be an afternoon project. But it would be helpful to detect malicious pip packages (which I heard exist).
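A static pre-install check along the lines discussed above, as an added example that is not code from either poster: it only unpacks an sdist (never installs or runs it), indexes the files, and flags `.pth` files (site-packages executes their `import` lines at every interpreter start, a common auto-run hook) and references to sensitive home-directory paths in install-time code. The archive contents and the package name `demo` are constructed for the demo.

```python
import io
import re
import tarfile

# Constructed sample sdist (not a real package): a setup.py that reads
# ~/.ssh at install time, plus a .pth auto-run hook.
SUSPICIOUS_SETUP = b"""
from setuptools import setup
import os
open(os.path.expanduser('~/.ssh/id_rsa')).read()
setup(name='demo', version='0.1')
"""
AUTORUN_PTH = b"import demo_hook\n"

def build_sample_sdist() -> bytes:
    """Return an in-memory .tar.gz mimicking a 'demo-0.1.tar.gz' sdist."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in (("demo-0.1/setup.py", SUSPICIOUS_SETUP),
                           ("demo-0.1/demo.pth", AUTORUN_PTH),
                           ("demo-0.1/demo/__init__.py", b"")):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Paths that install-time code has no legitimate reason to touch.
SENSITIVE = re.compile(r"\.ssh|\.gnupg|\.aws|\.netrc")

def scan_sdist(archive: bytes) -> dict:
    """Index the archive and flag auto-run hooks and sensitive path references.

    Only the archive is read; nothing is installed or executed."""
    findings = {"files": [], "pth_files": [], "sensitive_refs": []}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            findings["files"].append(member.name)
            base = member.name.rsplit("/", 1)[-1]
            if base.endswith(".pth"):
                findings["pth_files"].append(member.name)
            # Code that runs at install/import time is the interesting part.
            if base in ("setup.py", "__init__.py") or base.endswith(".pth"):
                text = tar.extractfile(member).read().decode("utf-8", "replace")
                for match in SENSITIVE.finditer(text):
                    findings["sensitive_refs"].append((member.name, match.group()))
    return findings
```

Running `scan_sdist(build_sample_sdist())` reports the `.pth` file and the `.ssh` reference in `setup.py`; a real scan would loop this over every archive in the file database.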
@remram44 Item 5 in the latest Python Bytes discusses updates to PyPI and expressed incredulity that it had not been hit by worse exploits by now given the lack of protection. https://pythonbytes.fm/episodes/show/110/python-year-in-review-2018-edition
@krozruch I didn't know about this podcast! I don't like it :/ but thanks for pointing it out!
@remram44 :D It is fairly standard corporate fare, but gives me a couple of pointers here and there.