Re: Popular Python Package 'ctx' Hijacked to Steal AWS Keys

May 25, 2022
3:04 p.m.
Turritopsis Dohrnii Teo En Ming <tdtemccna@gmail.com> wrote (on Wed, May 25, 2022, 15:49):
Hi All,

it has come to my mind that PyPA, the community, and developers should develop some mechanism to protect against similar threats. For example, security checkers could be added to the upload flow, before a package appears and becomes downloadable. Compiled parts should be allowed only in source, and security checkers would check those too, and compile from source and publish the package only after these checks have executed and did not find anything harmful.

BR,
George
Participants (1): George Fischhof
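One check of the kind proposed in the message above, rejecting an uploaded source distribution that carries prebuilt compiled parts, could look like the following. This is an added example, not part of the original message and not PyPI's actual upload flow; the function names `scan_sdist` and `build_sample_sdist` and the sample archive are hypothetical and constructed for illustration.

```python
import io
import tarfile

# Magic numbers of common prebuilt binary formats (checked on the first bytes).
BINARY_MAGIC = {
    b"\x7fELF": "ELF object",
    b"MZ": "PE/DOS executable",
    b"\xcf\xfa\xed\xfe": "Mach-O (64-bit)",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary or Java class",
}
BINARY_SUFFIXES = (".so", ".pyd", ".dll", ".dylib", ".pyc", ".exe")


def scan_sdist(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for every entry that should block publication."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            name = member.name
            if name.startswith("/") or ".." in name.split("/"):
                findings.append((name, "path escapes the archive root"))
            elif member.issym() or member.islnk() or member.isdev():
                findings.append((name, "link or device entry"))
            elif member.isfile():
                # Content decides first, so a renamed binary is still caught.
                head = tar.extractfile(member).read(4)
                kind = next((k for m, k in BINARY_MAGIC.items() if head.startswith(m)), None)
                if kind:
                    findings.append((name, f"prebuilt binary: {kind}"))
                elif name.lower().endswith(BINARY_SUFFIXES):
                    findings.append((name, "binary file extension"))
    return findings


def build_sample_sdist() -> bytes:
    """Constructed sample upload: one source file, one disguised ELF, one .pyc."""
    files = {
        "demo-0.1/setup.py": b"from setuptools import setup\nsetup(name='demo')\n",
        "demo-0.1/demo/helper.dat": b"\x7fELF\x02\x01\x01" + b"\x00" * 9,
        "demo-0.1/demo/cached.pyc": b"\x00\x00\x00\x00",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()
```

Calling `scan_sdist(build_sample_sdist())` returns two findings, and an upload gate would publish only when the list is empty. A check like this covers only the "compiled parts only in source" rule; it says nothing about malicious logic in the Python source itself.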