On Thursday, June 1, 2017, Matt Joyce <[email protected]> wrote:
> Force packages to match their higher level import namespace in future
> major Python versions and PEP it.
>
__import__('siht'[::-1])
Though static analysis would still be great.
>
> On Jun 1, 2017 7:37 PM, "Noah Kantrowitz" <[email protected]> wrote:
>
>>
>> > On Jun 1, 2017, at 4:00 PM, Nick Timkovich <[email protected]> wrote:
>> >
>> > This issue was also brought up in January at
>> > https://github.com/pypa/pypi-legacy/issues/585, then, just as after the
>> > initial "typosquatting PyPI" report (June 2016), it's met with resounding
>> > silence. Attacking the messenger doesn't seem like a winning move from a
>> > security standpoint.
>> >
>> > Can we come up with a plan to address the underlying issue and protect
>> > users?
>>
>> If you have a systemic solution I'm sure we would love to hear it :)
>>
>> --Noah
>>
>>
>>
>> _______________________________________________
>> Distutils-SIG maillist - [email protected]
>> https://mail.python.org/mailman/listinfo/distutils-sig
>>
>>
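Added example, not code from this thread or from PyPI or pip: a small Python check for the rule Matt proposes (the import names a wheel installs must match its distribution name) next to an AST scan for the dynamic-import pattern he uses to show what name matching alone cannot see. The wheel and the source sample are constructed for the demo; the names namespace_mismatches, dynamic_import_lines and build_sample_wheel are mine, and top_level.txt is assumed present (setuptools writes it).

```python
import ast, io, re, zipfile

def normalize(name):
    # PEP 503 style normalization so "Foo_Bar", "foo-bar" and "foo.bar" compare equal
    return re.sub(r"[-_.]+", "-", name).lower()

def wheel_top_level(wheel_bytes):
    """Import names a wheel installs, read from its top_level.txt (assumed present:
    setuptools writes it; for other build backends derive the names from RECORD)."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for n in zf.namelist():
            if n.endswith(".dist-info/top_level.txt"):
                return {l.strip() for l in zf.read(n).decode().splitlines() if l.strip()}
    return set()

def namespace_mismatches(dist_name, wheel_bytes):
    """Import names that differ from the distribution name (the rule proposed above)."""
    dist = normalize(dist_name)
    return {n for n in wheel_top_level(wheel_bytes) if normalize(n) != dist}

class _DynamicImports(ast.NodeVisitor):
    """Record __import__ / import_module calls whose module argument is not a literal."""
    def __init__(self):
        self.lines = []
    def visit_Call(self, node):
        f = node.func
        fname = f.id if isinstance(f, ast.Name) else getattr(f, "attr", None)
        if (fname in ("__import__", "import_module") and node.args
                and not isinstance(node.args[0], ast.Constant)):
            self.lines.append(node.lineno)
        self.generic_visit(node)

def dynamic_import_lines(source):
    v = _DynamicImports()
    v.visit(ast.parse(source))
    return v.lines

def build_sample_wheel(dist, top_level):
    # Constructed minimal wheel for the demo; real wheels carry more metadata
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(f"{dist}-1.0.dist-info/top_level.txt", "\n".join(top_level) + "\n")
        for pkg in top_level:
            zf.writestr(f"{pkg}/__init__.py", "")
    return buf.getvalue()

# Constructed sample: line 2 is the reversed-string trick from the thread
SAMPLE_SOURCE = "import os\n__import__('siht'[::-1])\nimportlib.import_module('json')\n"
```

The name check catches a distribution that installs a module under a different name, while the AST scan only reports where an import target is computed at run time and cannot say what it resolves to; that gap is the point of the one-liner above.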