On 2 June 2017 at 18:05, Nick Coghlan <ncogh...@gmail.com> wrote:
> On 2 June 2017 at 09:00, Nick Timkovich <prometheus...@gmail.com> wrote:
> > This issue was also brought up in January at
> > https://github.com/pypa/pypi-legacy/issues/585 then just as after the
> > initial "typosquatting PyPI" report (June 2016) it's met with resounding
> > silence. Attacking the messenger doesn't seem like a winning move from a
> > security standpoint.
> >
> > Can we come up with a plan to address the underlying issue and protect
> > users?
>
> I like the suggestion of an auto-generated "common 404" blacklist,
> where regularly queried-but-nonexistent names can't be registered
> without prior approval by the PyPI admins or the PSF.
>
I like it also, but it adds an additional administration burden on top of that which is not being coped with at the moment.

117 open issues in https://github.com/pypa/pypi-legacy/issues
219 open support tickets in https://sourceforge.net/p/pypi/support-requests/

Richard
_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
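
The "common 404" list suggested in the quoted message could be generated along the following lines. This is an added example, not part of the thread and not PyPI's code; the access-log format, the function names, and the threshold on distinct clients (so that one noisy client cannot reserve a name by itself) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (not real PyPI traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [02/Jun/2017:10:00:01 +0000] "GET /simple/exmaple-pkg/ HTTP/1.1" 404 0
203.0.113.9 - - [02/Jun/2017:10:00:02 +0000] "GET /simple/Exmaple_Pkg/ HTTP/1.1" 404 0
198.51.100.7 - - [02/Jun/2017:10:00:03 +0000] "GET /simple/exmaple.pkg/ HTTP/1.1" 404 0
198.51.100.7 - - [02/Jun/2017:10:00:04 +0000] "GET /simple/noisy-name/ HTTP/1.1" 404 0
198.51.100.7 - - [02/Jun/2017:10:00:05 +0000] "GET /simple/noisy-name/ HTTP/1.1" 404 0
198.51.100.7 - - [02/Jun/2017:10:00:06 +0000] "GET /simple/noisy-name/ HTTP/1.1" 404 0
203.0.113.5 - - [02/Jun/2017:10:00:07 +0000] "GET /simple/example-pkg/ HTTP/1.1" 200 512
192.0.2.44 - - [02/Jun/2017:10:00:08 +0000] "GET /simple/demo_lib/ HTTP/1.1" 404 0
192.0.2.45 - - [02/Jun/2017:10:00:09 +0000] "GET /simple/demo.lib/ HTTP/1.1" 404 0
192.0.2.46 - - [02/Jun/2017:10:00:10 +0000] "GET /simple/demo-lib/ HTTP/1.1" 404 0
"""

# Captures: client address, requested project name, HTTP status.
_REQ = re.compile(r'^(\S+) .*"GET /simple/([^/\s"]+)/? HTTP/[\d.]+" (\d{3})\b')

def normalize(name):
    """PEP 503 normalization, so Foo_Bar, foo.bar and foo-bar count as one name."""
    return re.sub(r"[-_.]+", "-", name).lower()

def build_reserved(log_lines, registered, min_clients=3):
    """Return unregistered names that at least min_clients distinct clients
    requested and got a 404 for. `registered` holds normalized names."""
    clients = defaultdict(set)
    for line in log_lines:
        m = _REQ.match(line)
        if not m or m.group(3) != "404":
            continue
        name = normalize(m.group(2))
        if name not in registered:
            clients[name].add(m.group(1))
    # Thresholding on distinct clients, not raw hits, limits list poisoning.
    return {n for n, c in clients.items() if len(c) >= min_clients}

def may_register(name, reserved, approved=frozenset()):
    """A reserved name can be registered only after explicit admin approval."""
    n = normalize(name)
    return n not in reserved or n in approved

if __name__ == "__main__":
    reserved = build_reserved(SAMPLE_LOG.splitlines(), {"example-pkg"})
    print(sorted(reserved))
```

The `approved` set is where the manual review step lands, which is the administration burden raised in the reply above.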