"The ssh-decorator package from Python pip had an obvious backdoor"
sends host + username + password to an external website
@nightpool that's not just a backdoor, that's blatant exfiltration. (Over HTTP, which is a crime of its own.)
@alfajet which is completely pointless, given that dot cf never provides any personal details........
@nightpool Chapter four billion, seven hundred thirty-eight thousand, nine hundred twenty-four in why you shouldn't blindly install stuff from a package system anyone can upload to.
@nightpool It's almost like that practice of basically forcing people to put plaintext passwords in ~/.pypirc and never checking signagures wasn't the best idea :/
ｃｙｂｒｅｓｐａｃｅ: the social hub of the information superhighway
jack in to the mastodon fediverse today and surf the dataflow through our cybrepunk, slightly glitchy web portal