I would like to see a clause added to the "Ivalid Package" section of PEP541 that allows some mechanism for other pypi users to mark a package as spam. Every day i see more spam packages added to pypi and currently the only way to get them removed is to create an issue in github. -Meichthys
I don't know if it would be worth the effort, but I wonder if a Stack Overflow-esque rep system for packages would work. In a perfect world, I'm sure, but maybe not so much in ours. -W On Feb 16, 2018 6:24 PM, "Matt Gieger" <mattbju2013@gmail.com> wrote:
I would like to see a clause added to the "Ivalid Package" section of PEP541 that allows some mechanism for other pypi users to mark a package as spam. Every day i see more spam packages added to pypi and currently the only way to get them removed is to create an issue in github.
-Meichthys
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
On Fri, Feb 16, 2018 at 2:39 PM, Matt Gieger <mattbju2013@gmail.com> wrote:
I would like to see a clause added to the "Ivalid Package" section of PEP541 that allows some mechanism for other pypi users to mark a package as spam. Every day i see more spam packages added to pypi and currently the only way to get them removed is to create an issue in github.
The purpose of PEP 541 is to define which packages can/can't be removed/reassigned. Actually finding those packages is a separate question; that could just be a feature request on a warehouse. What do you mean by a "spam package"? I guess it might be covered under this section: https://www.python.org/dev/peps/pep-0541/#invalid-projects -n -- Nathaniel J. Smith -- https://vorpus.org
Nathaniel Smith <njs@pobox.com> writes:
What do you mean by a "spam package"? I guess it might be covered under this section: https://www.python.org/dev/peps/pep-0541/#invalid-projects
-n
Today lots of packages like the following appeared on PyPI: https://pypi.python.org/pypi/Kim-Kardashian-Hollywood-Hack-Cheats-tars-Cash-... Sooner or later we should find a solution, otherwise the index will become a rubbish receptacle. ciao, lele. -- nickname: Lele Gaifax | Quando vivrò di quello che ho pensato ieri real: Emanuele Gaifas | comincerò ad aver paura di chi mi copia. lele@metapensiero.it | -- Fortunato Depero, 1929.
On 18 February 2018 at 03:48, Lele Gaifax <lele@metapensiero.it> wrote:
Nathaniel Smith <njs@pobox.com> writes:
What do you mean by a "spam package"? I guess it might be covered under this section: https://www.python.org/dev/peps/pep-0541/#invalid-projects
-n
Today lots of packages like the following appeared on PyPI:
https://pypi.python.org/pypi/Kim-Kardashian-Hollywood-Hack-Cheats-tars-Cash-...
Sooner or later we should find a solution, otherwise the index will become a rubbish receptacle.
The incident report (and response status updates) for the current spam attack can be found here: https://status.python.org/incidents/mgjw1g5yjy5j While we have some ideas for tools and techniques to help crowdsource discovery of problematic packages (e.g. https://github.com/pypa/warehouse/issues/2268), that's a design & implementation question for PyPI as a service, rather than something that needs to be captured in a PSF policy document (and PEP 541 is the latter, hence the slightly modified approval process that involves the PSF more explicitly). Cheers, Nick. -- Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia
On 18 February 2018 at 18:06, Nick Coghlan <ncoghlan@gmail.com> wrote:
On 18 February 2018 at 03:48, Lele Gaifax <lele@metapensiero.it> wrote:
Nathaniel Smith <njs@pobox.com> writes:
What do you mean by a "spam package"? I guess it might be covered under this section: https://www.python.org/dev/peps/pep-0541/#invalid-projects
-n
Today lots of packages like the following appeared on PyPI:
https://pypi.python.org/pypi/Kim-Kardashian-Hollywood-Hack-Cheats-tars-Cash-...
Sooner or later we should find a solution, otherwise the index will become a rubbish receptacle.
The incident report (and response status updates) for the current spam attack can be found here: https://status.python.org/incidents/mgjw1g5yjy5j
While this is still the right link to monitor for updates on this particular incident, folks interested in PyPI's spam handling in general may want to subscribe to https://github.com/pypa/warehouse/issues/2982 Cheers, Nick. -- Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia
participants (5)
-
Lele Gaifax -
Matt Gieger -
Nathaniel Smith -
Nick Coghlan -
Wayne Werner