fsebugoutzone.org:9999

       Post 9pdRDCQ7jjfpq3PyWe by bulkington@radical.town
 (DIR) More posts by bulkington@radical.town
 (DIR) Post #9pdKngfB2Xg29XzQjg by ParadeGrotesque@mastodon.sdf.org
       2019-12-04T21:16:22Z
       
       0 likes, 1 repeats
       
       Two malicious Python 🐍  libraries caught stealing SSH and GPG keys:https://developers.slashdot.org/story/19/12/04/1430223/two-malicious-python-libraries-caught-stealing-ssh-and-gpg-keysFrom the article:The first is &quot;python3-dateutil,&quot; which imitated the popular &quot;dateutil&quot; library. The second is &quot;jeIlyfish&quot; (the first L is an I), which mimicked the &quot;jellyfish&quot; library.Both have since been removed.
       
 (DIR) Post #9pdLCCkjNpHEcwHKQC by fitheach@mstdn.io
       2019-12-04T21:20:51Z
       
       0 likes, 0 repeats
       
       @ParadeGrotesque I was thinking about this earlier, when I upgraded jrnl. jrnl uses python-dateutil, which I noticed whizzing past on the terminal as I did the upgrade.
       
 (DIR) Post #9pdRDCQ7jjfpq3PyWe by bulkington@radical.town
       2019-12-04T22:28:09Z
       
       0 likes, 0 repeats
       
       @ParadeGrotesque I like python a lot, but the pip ecosystem is just garbage.
       
 (DIR) Post #9pdiFqS3ZTItnEAYsq by Huggles@linuxrocks.online
       2019-12-05T01:39:14Z
       
       0 likes, 0 repeats
       
       @ParadeGrotesque this is why your ssh and gpg keys should always be password protected.