[sf-lug] Malware on PyPI repository
rick at linuxmafia.com
Sun Dec 5 16:33:00 PST 2021
Quoting Bobbie Sellers (bliss-sf4ever at dslextreme.com):
> Well I don't know if you guys have seen this yet.
> This may be the most serious real threat in malware to happen yet.
Er, no, it's not.
Do you download and run random Python code sourced from nobody-in-particular
that's hosted on https://pypi.org/ ? If not, you cannot shoot that
particular gun at your feet.
Distro package maintainers are your friend. By contrast, just fetching
and running random stuff off the Internet is _dangerous_ and will hurt you.
More information about the sf-lug