Y
Hacker News
new
|
ask
|
show
|
jobs
by
qbasic_forever
1306 days ago
LMAO the supply chain attack potential is epic. Oopsie the author of leftpad clicked the wrong button and now an unknown entity owns their package and just updated it with malicious content!
2 comments
hailwren
1306 days ago
How is this different from our current signing key system?
link
qbasic_forever
1306 days ago
My signing keys aren't tied to obscure 'smart contracts' that execute code when I do things like try to delete them.
link
cuteboy19
1306 days ago
If you are pwned you can contact pypi and get it fixed
link
beckingz
1306 days ago
Regular phishing. Oopsie!
link