Cronical on Nostr: The researchers note that sometimes the compiled “wheels” are not in fact derived ...
The researchers note that sometimes the compiled “wheels” are not in fact derived from the source. https://www.welivesecurity.com/en/eset-research/pernicious-potpourri-python-packages-pypi/
This opens up a possible mitigation for dev users. While not necessarily easy, I believe it is possible to recompile from source. I wonder if #pypi will be able to prevent this mismatch somehow?
#python
From: npub153tuvlsch664k4nhu3wleh6pdmqx6p0kmmntkzccf8ucatg3v2mq6kuec4 (npub153t…uec4)
https://mastodon.social/@ninjaowl/111583999323280858
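The comparison step behind the mitigation the post suggests (rebuild the wheel from the sdist yourself, then check that the published wheel contains nothing the source did not produce) can be automated. The script below is an added example, not code from the post, from ESET or from PyPI; the two wheels it compares, the package name `demo` and its file contents are constructed in memory so it runs offline. In real use the `built` wheel would come from `pip wheel --no-binary :all: <package>==<version>` (or `python -m build` on the sdist) and the `published` one from `pip download --only-binary :all: <package>==<version>`.

```python
"""Compare a locally built wheel against a published wheel, file by file.

Added example for the rebuild-from-source check. The two wheels are
constructed below so the script runs offline; in practice `built` is the
wheel you produced from the sdist and `published` is the one fetched from
the index.
"""
import hashlib
import io
import zipfile

# RECORD is a derived file listing the hashes of every other member, so it
# changes whenever anything else does; the payload differences are what we
# want to see, not this noise.
IGNORED_SUFFIXES = ("/RECORD",)


def make_wheel(files: dict[str, bytes]) -> bytes:
    """Build a minimal wheel archive (a zip) from a path -> contents mapping.
    Constructed test data only; a real wheel has more metadata than this."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    return buf.getvalue()


def wheel_digests(wheel_bytes: bytes) -> dict[str, str]:
    """Map every member path in the wheel to the SHA-256 of its contents."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.filename.endswith(IGNORED_SUFFIXES):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_wheels(built: bytes, published: bytes) -> dict[str, list[str]]:
    """Report members present in only one wheel, or whose contents differ."""
    b, p = wheel_digests(built), wheel_digests(published)
    return {
        "only_in_published": sorted(set(p) - set(b)),
        "only_in_built": sorted(set(b) - set(p)),
        "changed": sorted(path for path in set(b) & set(p) if b[path] != p[path]),
    }


def wheel_matches_source(built: bytes, published: bytes) -> bool:
    """True only when the published wheel is exactly what the source produces."""
    return not any(compare_wheels(built, published).values())


# Constructed sample: the wheel we built from the sdist ...
BUILT = make_wheel({
    "demo/__init__.py": b"VERSION = '1.0'\n",
    "demo/core.py": b"def run():\n    return 'ok'\n",
    "demo-1.0.dist-info/METADATA": b"Name: demo\nVersion: 1.0\n",
    "demo-1.0.dist-info/RECORD": b"(placeholder)\n",
})
# ... and a constructed "published" wheel with one extra module and a
# modified __init__.py, i.e. content the sdist never contained.
PUBLISHED = make_wheel({
    "demo/__init__.py": b"VERSION = '1.0'\nimport demo._extra\n",
    "demo/core.py": b"def run():\n    return 'ok'\n",
    "demo/_extra.py": b"# not present in the sdist\n",
    "demo-1.0.dist-info/METADATA": b"Name: demo\nVersion: 1.0\n",
    "demo-1.0.dist-info/RECORD": b"(placeholder)\n",
})

if __name__ == "__main__":
    for kind, paths in compare_wheels(BUILT, PUBLISHED).items():
        for path in paths:
            print(f"{kind}: {path}")
    print("match" if wheel_matches_source(BUILT, PUBLISHED) else "MISMATCH")
```

Two caveats when applying this to real packages: a wheel built on your machine will only be byte-identical to the published one if the build is reproducible (compiled extensions and timestamps in metadata often are not), so treat `changed` entries in `.dist-info` as something to read rather than an automatic red flag, while any file under `only_in_published` deserves a look regardless; and the check only covers the mismatch the post mentions, not a malicious sdist, which a rebuild would faithfully reproduce.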