On 2024-09-09 12:43:12, Georgi Guninski wrote:
>
> The DevOps and security firm estimates there are around 22,000
> packages in PyPI vulnerable to a revive hijack attack, and the
> researchers noted they've already spotted the technique being used in
> the wild to infect the pingdomv3 package.

Solved 30 years ago. Pip is not a package manager, only a fool would install anything from pypi, npm, crates, etc, etc. Use only distro packages. Downloading executables from strangers cannot be made safe.