Irrelevant .whl attachment to tracker issue
https://bugs.python.org/issue41608 Userid ttx11529 uploaded, without posting anything, a file called pb_tool-3.1.0-py3-none-any.whl.
As best I understand, if the name is not forged, this is a file that pip would use to install pb_tool 3.1.0 to any 3.x python. https://pypi.org/project/pb-tool/ "pb_tool provides commands to deploy and publish a QGIS Python plugin."
The user list gives the real name as ปพนพัชร์ บรรพจันทร์. Translate.google.com identifies this as Thai, transliterated to Paphon Phatch Banchan.
This user's only other tracker activity so far was adding self as nosy to https://bugs.python.org/issue43651 45 min before uploading this file.
This could be a clueless newbie, an ordinary spammer, or a malware spreader.
Should anything be done other than marking the file as spam and unlinking it?
Does anyone know how to safely examine the file, and care to?
Terry
At first blush it looks like a normal wheel file:
$ unzip -l pb_tool-3.1.0-py3-none-any.whl
Archive:  pb_tool-3.1.0-py3-none-any.whl
  Length      Date    Time    Name
---------  ---------- -----   ----
        0  12-22-2018 00:17   pb_tool/__init__.py
    42268  11-24-2019 01:50   pb_tool/pb_tool.py
        4  12-21-2018 23:11   pb_tool/templates/basic.tmpl
        4  12-21-2018 23:11   pb_tool/templates/dialog.tmpl
     1034  12-21-2018 23:11   pb_tool/templates/icon.png
     2710  11-22-2019 23:39   pb_tool/templates/pb_tool.tmpl
     1439  11-22-2019 23:39   pb_tool/templates/dialog/__init__.tmpl
     6760  11-22-2019 23:39   pb_tool/templates/dialog/module_name.tmpl
     1765  11-22-2019 23:39   pb_tool/templates/dialog/module_name_dialog.tmpl
     1518  12-21-2018 23:11   pb_tool/templates/dialog/module_name_dialog_base.ui.tmpl
      692  11-22-2019 23:39   pb_tool/templates/dialog/readme.tmpl
      117  12-21-2018 23:11   pb_tool/templates/dialog/resources.tmpl
     1733  11-22-2019 23:39   pb_tool/templates/dialog/results.tmpl
     1089  11-22-2019 23:39   pb_tool/templates/minimal/__init__.py
      211  11-22-2019 23:39   pb_tool/templates/minimal/metadata.txt
    18027  11-24-2019 01:51   pb_tool-3.1.0.dist-info/LICENSE
      877  11-24-2019 01:51   pb_tool-3.1.0.dist-info/METADATA
       92  11-24-2019 01:51   pb_tool-3.1.0.dist-info/WHEEL
       99  11-24-2019 01:51   pb_tool-3.1.0.dist-info/entry_points.txt
        8  11-24-2019 01:51   pb_tool-3.1.0.dist-info/top_level.txt
     1844  11-24-2019 01:51   pb_tool-3.1.0.dist-info/RECORD
---------                     -------
    82291                     21 files
Unzipped, pb_tool.py starts with:
$ head pb_tool.py
"""
/***************************************************************************
 qpbt
 A tool for building and deploying QGIS plugins
 -------------------
 begin : 2014-09-24
 copyright : (C) 2014 by GeoApt LLC
 email : gsherman@geoapt.com
 ***************************************************************************/
Five seconds worth of looking at it doesn't raise any alarms, although I'm not going to install or execute anything!
I think it was probably uploaded in error, and should just be unlinked and marked as spam.
Eric
On 4/29/2021 12:39 AM, Terry Reedy wrote:
https://bugs.python.org/issue41608 Userid ttx11529 uploaded, without posting anything, a file called pb_tool-3.1.0-py3-none-any.whl.
As best I understand, if the name is not forged, this is a file that pip would use to install pb_tool 3.1.0 to any 3.x python. https://pypi.org/project/pb-tool/ "pb_tool provides commands to deploy and publish a QGIS Python plugin."
The user list gives the real name as ปพนพัชร์ บรรพจันทร์. Translate.google.com identifies this as Thai, transliterated to Paphon Phatch Banchan.
This user's only other tracker activity so far was adding self as nosy to https://bugs.python.org/issue43651 45 min before uploading this file.
This could be a clueless newbie, an ordinary spammer, or a malware spreader.
Should anything be done other than marking the file as spam and unlinking it?
Does anyone know how to safely examine the file, and care to?
Terry
python-committers mailing list -- python-committers@python.org
To unsubscribe send an email to python-committers-leave@python.org
https://mail.python.org/mailman3/lists/python-committers.python.org/
Message archived at https://mail.python.org/archives/list/python-committers@python.org/message/Y...
Code of Conduct: https://www.python.org/psf/codeofconduct/
-- Eric V. Smith
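Added example, not part of the thread and not code from any participant: one way to go a step past "unzip -l" when examining a wheel without installing or executing it. It reads members straight from the archive, flags names that would land outside the install directory, checks each file against the sha256 entries in RECORD, and returns entry_points.txt for review. The package "demo" and the sample wheel are constructed for illustration.

```python
import base64, csv, hashlib, io, zipfile

def record_digest(data: bytes) -> str:
    """Hash in the wheel RECORD format: sha256=<urlsafe base64, no padding>."""
    d = hashlib.sha256(data).digest()
    return "sha256=" + base64.urlsafe_b64encode(d).rstrip(b"=").decode()

def inspect_wheel(blob: bytes) -> dict:
    """Static inspection only: bytes are read from the zip, nothing is extracted or imported."""
    out = {"unsafe_paths": [], "hash_mismatch": [], "not_in_record": [], "entry_points": ""}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
        # Absolute or parent-relative member names would escape the install directory.
        out["unsafe_paths"] = [n for n in names if n.startswith(("/", "\\"))
                               or ".." in n.replace("\\", "/").split("/")]
        record_name = next((n for n in names if n.endswith(".dist-info/RECORD")), None)
        recorded = {}
        if record_name:
            rows = csv.reader(io.StringIO(zf.read(record_name).decode("utf-8")))
            recorded = {row[0]: row[1] for row in rows if len(row) >= 2}
        for n in names:
            if n == record_name:
                continue  # RECORD lists itself with an empty hash
            if n not in recorded:
                out["not_in_record"].append(n)
            elif recorded[n] != record_digest(zf.read(n)):
                out["hash_mismatch"].append(n)
            if n.endswith(".dist-info/entry_points.txt"):
                # Console scripts are what an installer would put on PATH.
                out["entry_points"] = zf.read(n).decode("utf-8", "replace")
    return out

def build_sample_wheel(tamper: bool = False) -> bytes:
    """Constructed sample wheel for a hypothetical package 'demo', built in memory."""
    files = {"demo/__init__.py": b"print('hi')\n",
             "demo-1.0.dist-info/entry_points.txt": b"[console_scripts]\ndemo = demo:main\n"}
    record = "".join(f"{n},{record_digest(d)},{len(d)}\n" for n, d in files.items())
    record += "demo-1.0.dist-info/RECORD,,\n"
    if tamper:  # change a file after RECORD was written and add an unlisted member
        files["demo/__init__.py"] += b"# changed\n"
        files["../outside.py"] = b""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n, d in files.items():
            zf.writestr(n, d)
        zf.writestr("demo-1.0.dist-info/RECORD", record)
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_wheel(build_sample_wheel(tamper=True)))
```

A clean RECORD only shows the archive is internally consistent; comparing the file's hash with the one PyPI publishes for the same release is what would show whether it matches the official wheel.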
On Thu, Apr 29, 2021 at 7:58 AM Eric V. Smith <eric@trueblade.com> wrote:
At first blush it looks like a normal wheel file:
[...]
Five seconds worth of looking at it doesn't raise any alarms, although I'm not going to install or execute anything!
I think it was probably uploaded in error, and should just be unlinked and marked as spam.
I agree.
I've unlinked and marked as spam, as suggested.
- Tal
participants (3): Eric V. Smith, Tal Einat, Terry Reedy