Yes, http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/ … is a big issue for #PyPI and #Python ecosystem.
No, magic crypto voodoo fairy dust won't solve the issue.
Billion dollar companies struggle with malware in their app stores. PyPI has $0 budget and allows upload of arbitrary code by design.
Crypto is actually simple compared to code review, identity management, trust model, and PKI for signed PyPI packages.
Business idea: provide a subscription service for curated PyPI with reviewed, verified and signed Python packages.
OK Twitter, your timing is impeccable and hilarious. I'm suggesting a third party to verify packages and @jedisct1 retweets this: pic.twitter.com/XXGBaSGwtY
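The distinction the thread draws between crypto and trust, as an added illustration that is not part of the tweets or of any PyPI tooling: a hash pin (the mechanism behind pip's `--require-hashes`) proves an artifact is the one its publisher shipped, but an attacker who uploads a look-alike name ships their own perfectly valid hash or signature, so the integrity check passes. The deny decision has to come from somewhere else, here a hypothetical curated index with reviewed hashes plus a near-name check. All package names, artifact bytes and the `CURATED_INDEX` structure are constructed for this example.

```python
"""Added example: integrity (hash pinning) versus trust (curated review).

Not code from the thread or from pip/PyPI. Names, artifact bytes and the
curated-index format are constructed for illustration only.
"""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for reviewed releases a hypothetical curated index
# would publish; real entries would hash actual sdists/wheels.
GOOD_ARTIFACTS = {
    "requests": b"# constructed stand-in for a reviewed requests release\n",
    "urllib3": b"# constructed stand-in for a reviewed urllib3 release\n",
}
# name -> sha256 of the artifact a reviewer actually looked at
CURATED_INDEX = {name: sha256_hex(body) for name, body in GOOD_ARTIFACTS.items()}

# Constructed attacker upload under a look-alike name. The attacker publishes
# the hash (or a signature) for *their own* package, and it is internally
# consistent: nothing cryptographic is wrong with it.
ATTACKER_ARTIFACT = b"import os  # constructed stand-in for a malicious upload\n"
ATTACKER_PIN = {"requets": sha256_hex(ATTACKER_ARTIFACT)}


def integrity_ok(name: str, artifact: bytes, pinned: dict) -> bool:
    """Hash pinning: does this artifact match the hash we were given for it?

    Answers "is this the bytes the publisher meant", not "is the publisher
    someone you should trust".
    """
    return pinned.get(name) == sha256_hex(artifact)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute), used to flag near-names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def trust_decision(name: str, artifact: bytes, curated: dict, max_distance: int = 2):
    """Return (verdict, reason) based on a curated index, not on self-published hashes.

    Policy: allow only names a reviewer curated, and only the exact reviewed
    artifact. Uncurated names that sit within `max_distance` edits of a curated
    one are called out as possible typosquats; everything else is plain deny.
    """
    if name in curated:
        if sha256_hex(artifact) == curated[name]:
            return ("allow", "curated name and artifact matches the reviewed hash")
        return ("deny", "curated name but artifact differs from the reviewed hash")
    close = sorted(c for c in curated if edit_distance(name, c) <= max_distance)
    if close:
        return ("deny", f"not curated and resembles curated {close}: possible typosquat")
    return ("deny", "not curated")


if __name__ == "__main__":
    # Crypto is happy: the attacker's hash matches the attacker's artifact.
    print("integrity check on attacker package:",
          integrity_ok("requets", ATTACKER_ARTIFACT, ATTACKER_PIN))
    # Trust is not: the name is uncurated and one edit away from "requests".
    print("trust decision on attacker package:",
          trust_decision("requets", ATTACKER_ARTIFACT, CURATED_INDEX))
    print("trust decision on reviewed package:",
          trust_decision("requests", GOOD_ARTIFACTS["requests"], CURATED_INDEX))
```

The point of the two functions side by side: `integrity_ok` is the cheap, well-understood part and passes for the attacker's upload; every hard question (who reviewed the artifact, who maintains the curated list, how a near-name gets adjudicated) lives in `trust_decision` and in whoever populates `CURATED_INDEX`.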
Replying to @ChristianHeimes
Hahaha :)
12:41 PM - 17 Sep 2017
from Bonneval-sur-Arc, France