[sf-lug] Malware on PyPI repository

Rick Moen rick at linuxmafia.com
Sun Dec 5 16:33:00 PST 2021


Quoting Bobbie Sellers (bliss-sf4ever at dslextreme.com):

> Well I don't know if you guys have seen this yet.
> This may be the most serious real threat in malware to happen yet.

Er, no, it's not.

Do you download and run random Python code sourced from nobody-in-particular 
that's hosted on https://pypi.org/ ?  If not, you cannot shoot that
particular gun at your feet.

Distro package maintainers are your friend.  By contrast, just fetching
and running random stuff off the Internet is _dangerous_ and will hurt you.




More information about the sf-lug mailing list