On Wed, Dec 04, 2019 at 07:17:58PM +0100, Christian Heimes wrote:
>
> At least the first pages are packaging files for Debian, Fedora, and
> other Linux distributions. Downstream distributions provide a Python
>
> Attackers abuse the fact and try to typo-squat packages in hope that
> somebod
Christian Heimes writes:
> On 04/12/2019 18.59, David Lowry-Duda wrote:
>> I notice that "python3-dateutil" is in over 4000 github repositories
>> [1]. That sounds like a disaster.
>>
>> [1]: https://github.com/search?q=python3-dateutil&type=Code
>
> At least the first pages are packaging files
On 12/4/19 10:59 AM, David Lowry-Duda wrote:
> I notice that "python3-dateutil" is in over 4000 github repositories
> [1]. That sounds like a disaster.
>
> [1]: https://github.com/search?q=python3-dateutil&type=Code
It's clearly not, as Christian has already said. In fact it would be
very diffic
On 04/12/2019 18.59, David Lowry-Duda wrote:
> I notice that "python3-dateutil" is in over 4000 github repositories
> [1]. That sounds like a disaster.
>
> [1]: https://github.com/search?q=python3-dateutil&type=Code
At least the first pages are packaging files for Debian, Fedora, and
other Linux
I notice that "python3-dateutil" is in over 4000 github repositories
[1]. That sounds like a disaster.
[1]: https://github.com/search?q=python3-dateutil&type=Code
- DLD
--
David Lowry-Duda
```
The Python security team removed two trojanized Python libraries from
PyPI (Python Package Index) that were caught stealing SSH and GPG keys
from the projects of infected developers.
The first is "python3-dateutil," which imitated the popular "dateutil"
library. The second is "jeIlyfish" (th