[Catalog-sig] bad package that's fishing bitbucket emails

Yuval Greenfield ubershmekel at gmail.com
Thu Mar 29 13:04:59 CEST 2012 

I really dislike this tomfoolery with bitbucket, you can see that jgrid.org is
also a DNS redirection or something. It's bad security practice by
bitbucket to allow this imo.

Users should be trained for consistent address bars with HTTPS only, not
all these useless copies with strange url's.

Yuval

On Thu, Mar 29, 2012 at 12:56 PM, M.-A. Lemburg <mal at egenix.com> wrote:

> M.-A. Lemburg wrote:
> > Michael Foord wrote:
> >> Hello mt,
> >>
> >> It doesn't appear to be a clone, but embedding bitbucket - and the
> Python package *seems* genuine.
> >
> > The site hosts an illegal copy of the bitbucket site and redirects the
> logins
> > not to bitbucket, but to the code.thejeshgn.com:
> >
> > http://code.thejeshgn.com/account/signin/
> >
> > Needless to mention that the login info is sent in clear as well...
> >
> > I think we should inform Atlassian about this.
>
> Looks like he cloned bitbucket for all his bitbucket repos:
>
> http://code.thejeshgn.com/
>
> and happily proxies requests through his site.
>
> >> The correct place to report issues with pypi is the tracker (no-one on
> this webmaster alias is involved in the administration of pypi):
> >>
> >>      http://sourceforge.net/tracker/?group_id=66150&atid=513503
> >>
> >> For *discussing* PyPI issues, which seems wise for this particular
> question, the catalog-sig email list is the right place:
> >>
> >>      http://www.python.org/community/sigs/current/catalog-sig/
> >>
> >> I've copied them in on this email
> >>
> >> All the best,
> >>
> >> Michael Foord
> >>
> >> On 29 Mar 2012, at 11:15, m t wrote:
> >>
> >>> hi,
> >>> this package in pypi doesn't redirect to bitbucket, but a cloned site
> that fishes bitbucket emails:
> >>> http://pypi.python.org/pypi/Octopoda/.0.1
> >>>
> >>> might want to look into it,
> >>> mt
> >>>
> >>
> >>
> >> --
> >> http://www.voidspace.org.uk/
> >>
> >>
> >> May you do good and not evil
> >> May you find forgiveness for yourself and forgive others
> >> May you share freely, never taking more than you give.
> >> -- the sqlite blessing
> >> http://www.sqlite.org/different.html
> >>
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> Catalog-SIG mailing list
> >> Catalog-SIG at python.org
> >> http://mail.python.org/mailman/listinfo/catalog-sig
> >
>
> --
> Marc-Andre Lemburg
> eGenix.com
>
> Professional Python Services directly from the Source  (#1, Mar 29 2012)
> >>> Python/Zope Consulting and Support ...        http://www.egenix.com/
> >>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
> >>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
> ________________________________________________________________________
> 2012-04-03: Python Meeting Duesseldorf                      5 days to go
>
> ::: Try our new mxODBC.Connect Python Database Interface for free ! ::::
>
>
>   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
>    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
>           Registered at Amtsgericht Duesseldorf: HRB 46611
>               http://www.egenix.com/company/contact/
> _______________________________________________
> Catalog-SIG mailing list
> Catalog-SIG at python.org
> http://mail.python.org/mailman/listinfo/catalog-sig
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20120329/e91fd604/attachment-0001.html>

More information about the Catalog-SIG mailing list