On 29 Mar 2012, at 12:37, m t wrote: > the other question is whether there are any others in pypi, and how to > effectively detect them
Even if the package hosting is unethical it doesn't mean we *must* remove them from pypi. We should only do that if it is malicious (of course if we can't *tell* whether or not it is malicious it becomes a difficult question). Michael > mt > > On Mar 29, 2012, at 4:06 AM, Michael Foord wrote: > >> >> On 29 Mar 2012, at 12:04, Yuval Greenfield wrote: >> >>> I really dislike this tomfoolery with bitbucket, you can see that jgrid.org >>> is also a DNS redirection or something. It's bad security practice by >>> bitbucket to allow this imo. >>> >>> Users should be trained for consistent address bars with HTTPS only, not >>> all these useless copies with strange url's. >>> >> >> >> That's not relevant as to whether or not the package in question should be >> removed from PyPI though. >> >> Michael >> >>> Yuval >>> >>> On Thu, Mar 29, 2012 at 12:56 PM, M.-A. Lemburg <[email protected]> wrote: >>> M.-A. Lemburg wrote: >>>> Michael Foord wrote: >>>>> Hello mt, >>>>> >>>>> It doesn't appear to be a clone, but embedding bitbucket - and the Python >>>>> package *seems* genuine. >>>> >>>> The site hosts an illegal copy of the bitbucket site and redirects the >>>> logins >>>> not to bitbucket, but to the code.thejeshgn.com: >>>> >>>> http://code.thejeshgn.com/account/signin/ >>>> >>>> Needless to mention that the login info is sent in clear as well... >>>> >>>> I think we should inform Atlassian about this. >>> >>> Looks like he cloned bitbucket for all his bitbucket repos: >>> >>> http://code.thejeshgn.com/ >>> >>> and happily proxies requests through his site. >>> >>>>> The correct place to report issues with pypi is the tracker (no-one on >>>>> this webmaster alias is involved in the administration of pypi): >>>>> >>>>> http://sourceforge.net/tracker/?group_id=66150&atid=513503 >>>>> >>>>> For *discussing* PyPI issues, which seems wise for this particular >>>>> question, the catalog-sig email list is the right place: >>>>> >>>>> http://www.python.org/community/sigs/current/catalog-sig/ >>>>> >>>>> I've copied them in on this email >>>>> >>>>> All the best, >>>>> >>>>> Michael Foord >>>>> >>>>> On 29 Mar 2012, at 11:15, m t wrote: >>>>> >>>>>> hi, >>>>>> this package in pypi doesn't redirect to bitbucket, but a cloned site >>>>>> that fishes bitbucket emails: >>>>>> http://pypi.python.org/pypi/Octopoda/.0.1 >>>>>> >>>>>> might want to look into it, >>>>>> mt >>>>>> >>>>> >>>>> >>>>> -- >>>>> http://www.voidspace.org.uk/ >>>>> >>>>> >>>>> May you do good and not evil >>>>> May you find forgiveness for yourself and forgive others >>>>> May you share freely, never taking more than you give. >>>>> -- the sqlite blessing >>>>> http://www.sqlite.org/different.html >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Catalog-SIG mailing list >>>>> [email protected] >>>>> http://mail.python.org/mailman/listinfo/catalog-sig >>>> >>> >>> -- >>> Marc-Andre Lemburg >>> eGenix.com >>> >>> Professional Python Services directly from the Source (#1, Mar 29 2012) >>>>>> Python/Zope Consulting and Support ... http://www.egenix.com/ >>>>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ >>>>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ >>> ________________________________________________________________________ >>> 2012-04-03: Python Meeting Duesseldorf 5 days to go >>> >>> ::: Try our new mxODBC.Connect Python Database Interface for free ! :::: >>> >>> >>> eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 >>> D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg >>> Registered at Amtsgericht Duesseldorf: HRB 46611 >>> http://www.egenix.com/company/contact/ >>> _______________________________________________ >>> Catalog-SIG mailing list >>> [email protected] >>> http://mail.python.org/mailman/listinfo/catalog-sig >>> >> >> >> -- >> http://www.voidspace.org.uk/ >> >> >> May you do good and not evil >> May you find forgiveness for yourself and forgive others >> May you share freely, never taking more than you give. >> -- the sqlite blessing >> http://www.sqlite.org/different.html >> >> >> >> >> >> > > -- http://www.voidspace.org.uk/ May you do good and not evil May you find forgiveness for yourself and forgive others May you share freely, never taking more than you give. -- the sqlite blessing http://www.sqlite.org/different.html _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
