Malicious Libraries found in PyPI


#1

Someone found malicious libraries uploaded to PyPI …

It’s just a matter of time before we have to start signing everything. I can’t even recall if pip/Python packages support that.

  • Austin

#2

Guido started a Python Security mailing list as a response to this incident:

https://mail.python.org/mm3/mailman3/lists/security-announce.python.org/