the other question is whether there are any others in pypi, and how to effectively detect them mt
On Mar 29, 2012, at 4:06 AM, Michael Foord wrote: > > On 29 Mar 2012, at 12:04, Yuval Greenfield wrote: > >> I really dislike this tomfoolery with bitbucket, you can see that jgrid.org >> is also a DNS redirection or something. It's bad security practice by >> bitbucket to allow this imo. >> >> Users should be trained for consistent address bars with HTTPS only, not all >> these useless copies with strange url's. >> > > > That's not relevant as to whether or not the package in question should be > removed from PyPI though. > > Michael > >> Yuval >> >> On Thu, Mar 29, 2012 at 12:56 PM, M.-A. Lemburg <[email protected]> wrote: >> M.-A. Lemburg wrote: >>> Michael Foord wrote: >>>> Hello mt, >>>> >>>> It doesn't appear to be a clone, but embedding bitbucket - and the Python >>>> package *seems* genuine. >>> >>> The site hosts an illegal copy of the bitbucket site and redirects the >>> logins >>> not to bitbucket, but to the code.thejeshgn.com: >>> >>> http://code.thejeshgn.com/account/signin/ >>> >>> Needless to mention that the login info is sent in clear as well... >>> >>> I think we should inform Atlassian about this. >> >> Looks like he cloned bitbucket for all his bitbucket repos: >> >> http://code.thejeshgn.com/ >> >> and happily proxies requests through his site. >> >>>> The correct place to report issues with pypi is the tracker (no-one on >>>> this webmaster alias is involved in the administration of pypi): >>>> >>>> http://sourceforge.net/tracker/?group_id=66150&atid=513503 >>>> >>>> For *discussing* PyPI issues, which seems wise for this particular >>>> question, the catalog-sig email list is the right place: >>>> >>>> http://www.python.org/community/sigs/current/catalog-sig/ >>>> >>>> I've copied them in on this email >>>> >>>> All the best, >>>> >>>> Michael Foord >>>> >>>> On 29 Mar 2012, at 11:15, m t wrote: >>>> >>>>> hi, >>>>> this package in pypi doesn't redirect to bitbucket, but a cloned site >>>>> that fishes bitbucket emails: >>>>> http://pypi.python.org/pypi/Octopoda/.0.1 >>>>> >>>>> might want to look into it, >>>>> mt >>>>> >>>> >>>> >>>> -- >>>> http://www.voidspace.org.uk/ >>>> >>>> >>>> May you do good and not evil >>>> May you find forgiveness for yourself and forgive others >>>> May you share freely, never taking more than you give. >>>> -- the sqlite blessing >>>> http://www.sqlite.org/different.html >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Catalog-SIG mailing list >>>> [email protected] >>>> http://mail.python.org/mailman/listinfo/catalog-sig >>> >> >> -- >> Marc-Andre Lemburg >> eGenix.com >> >> Professional Python Services directly from the Source (#1, Mar 29 2012) >>>>> Python/Zope Consulting and Support ... http://www.egenix.com/ >>>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ >>>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ >> ________________________________________________________________________ >> 2012-04-03: Python Meeting Duesseldorf 5 days to go >> >> ::: Try our new mxODBC.Connect Python Database Interface for free ! :::: >> >> >> eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 >> D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg >> Registered at Amtsgericht Duesseldorf: HRB 46611 >> http://www.egenix.com/company/contact/ >> _______________________________________________ >> Catalog-SIG mailing list >> [email protected] >> http://mail.python.org/mailman/listinfo/catalog-sig >> > > > -- > http://www.voidspace.org.uk/ > > > May you do good and not evil > May you find forgiveness for yourself and forgive others > May you share freely, never taking more than you give. > -- the sqlite blessing > http://www.sqlite.org/different.html > > > > > > _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
