Sean R. Lynch ☑️ is a user on literati.org.

holy shit.

reddit.com/r/Python/comments/8
twitter.com/x0rz/status/994116

"The ssh-decorator package from Python pip had an obvious backdoor"

sends host + username + password to an external website

Sean R. Lynch ☑️ @seanl

@nightpool Chapter four billion, seven hundred thirty-eight thousand, nine hundred twenty-four in why you shouldn't blindly install stuff from a package system anyone can upload to.

@nightpool Or even with your eyes open, since at any time a package could change hands.