[Catalog-sig] bunch of spam packages

Robert Kern robert.kern at gmail.com
Sun Jan 1 19:35:44 CET 2012

On 1/1/12 5:37 PM, Chris Withers wrote:
> On 01/01/2012 13:26, Robert Kern wrote:
>> On 12/31/11 11:29 AM, Chris Withers wrote:
>>> http://pypi.python.org/pypi/girlfriends/1.0
>>> http://pypi.python.org/pypi/house/0.9
>>> http://pypi.python.org/pypi/hardwork/0.9
>>> http://pypi.python.org/pypi/car/0.9
>>> ...all spamvertising the same website.
>> It appears to me to be an honest attempt at humor[1] using the
>> setuptools dependency mechanism rather than spam per se. Using Google
>> Translate on the blog, it looks plausibly like a legitimate Chinese
>> Python blogger.
>> [1] Albeit lame and sexist to my American ears. Perhaps it plays better
>> in China.
> They're junk, and should be removed,

I don't disagree per se[1], but I do think that in this case an email to the 
author (or blog comment) first would be a better response than silently removing 
the packages.

[1] Though to be fair, we would also have to remove antigravity, which I didn't 
want to do before this set of joke packages. Alas, there is no policy that allows 
antigravity while forbidding girlfriend except perhaps taste.


> along with all the .nested list printers

Similarly, I think that something along the lines of a single, mass-Bcc'ed email 
to the authors on record would be better than silently removing the packages. If 
only we could borrow Guido's time machine to prevent the author of _Head First 
Python_ from using this as an exercise...

> I have to say, I like the idea of requiring moderation for your first package...

Except for the nested list printers, there hasn't been a significant problem 
that moderation would solve, in my opinion.

Robert Kern

"I have come to believe that the whole world is an enigma, a harmless enigma
  that is made terrible by our own mad attempt to interpret it as though it had
  an underlying truth."
   -- Umberto Eco

