<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>



<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<h3>
Chris Lamb pushed to branch master
at <a href="https://salsa.debian.org/reproducible-builds/reproducible-website">Reproducible Builds / reproducible-website</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/4cb7e2c79d962c5e153828b9a6ae1db88469bf7d">4cb7e2c7</a></strong>
<div>
<span>by Chris Lamb</span>
<i>at 2021-08-05T09:43:26+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">2021-07: Add another source for the PyPI issue.
</pre>
</li>
</ul>
<h4>1 changed file:</h4>
<ul>
<li class="file-stats">
<a href="#91e7f7a560867906c84e07b5b1698a1be95ca383">
_reports/2021-07.md
</a>
</li>
</ul>
<h4>Changes:</h4>
<li id="91e7f7a560867906c84e07b5b1698a1be95ca383">
<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/4cb7e2c79d962c5e153828b9a6ae1db88469bf7d#91e7f7a560867906c84e07b5b1698a1be95ca383"><strong>_reports/2021-07.md</strong></a>
<hr>
<table class="code white" style="font-family: monospace; font-size: 90%;" bgcolor="#fff" width="100%" cellpadding="0" cellspacing="0">
<tr class="line_holder match" id="" style="line-height: 1.6;">
<td class="diff-line-num unfold js-unfold old_line" data-linenumber="22" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">...</td>
<td class="diff-line-num unfold js-unfold new_line" data-linenumber="22" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">...</td>
<td class="line_content match " style="padding-left: 0.5em; padding-right: 0.5em; color: rgba(0,0,0,0.3);" bgcolor="#fafafa">@@ -22,7 +22,7 @@ On Friday 27th August, Duc Ly Vu, Fabio Massacci, Ivan Pashchenko, Henrik Plate</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num" data-linenumber="22" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
22
</td>
<td class="new_line diff-line-num" data-linenumber="22" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
22
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC22" class="line" lang="markdown"></span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num" data-linenumber="23" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
23
</td>
<td class="new_line diff-line-num" data-linenumber="23" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
23
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC23" class="line" lang="markdown"><span class="p">[</span><span class="nv" style="color: #008080;">![</span><span class="p">](</span><span class="sx" style="color: #d14;">{{</span> <span class="nn" style="color: #555;">"/images/reports/2021-07/arstechnica.jpg#right"</span> | relative_url }})](https://arstechnica.com/gadgets/2021/07/malicious-pypi-packages-caught-stealing-developer-data-and-injecting-code/)</span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num" data-linenumber="24" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
24
</td>
<td class="new_line diff-line-num" data-linenumber="24" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
24
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC24" class="line" lang="markdown"></span>
</pre>
</td>
</tr>
<tr class="line_holder old" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num old" data-linenumber="25" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
25
</td>
<td class="new_line diff-line-num old" data-linenumber="25" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
 
</td>
<td class="line_content old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb">
<pre style="margin: 0;">-<span id="LC25" class="line" lang="markdown">Last month, we linked to <span class="p">[</span><span class="nv" style="color: #008080;">Ars Technica</span><span class="p">](</span><span class="sx" style="color: #d14;">https://arstechnica.com/</span><span class="p">)</span>'s report that 'counterfeit' packages on <span class="p">[</span><span class="nv" style="color: #008080;">PyPI</span><span class="p">](</span><span class="sx" style="color: #d14;">https://pypi.org/</span><span class="p">)</span>, the official Python package repository, <span class="p">[</span><span class="nv" style="color: #008080;">contained secret code that installed cryptomining software on infected machines</span><span class="p">](</span><span class="sx" style="color: #d14;">https://arstechnica.com/gadgets/2021/06/counterfeit-pypi-packages-with-5000-downloads-installed-cryptominers/</span><span class="p">)</span>. This month, however, Dan Goodin reported on another PyPI malware issue: in <span class="p">[</span><span class="nv" style="color: #008080;">**Software downloaded 30,000 times from PyPI ransacked developers' machines**</span><span class="p">](</span><span class="sx" style="color: #d14;">https://arstechnica.com/gadgets/2021/07/malicious-pypi-packages-caught-stealing-developer-data-and-injecting-code/</span><span class="p">)</span>, Dan writes about a number of malicious payloads (such as <span class="p">[</span><span class="nv" style="color: #008080;">Discord</span><span class="p">](</span><span class="sx" style="color: #d14;">https://discord.com/</span><span class="p">)</span> token and credit card 'stealers') that appear to have targeted programmers' computers.</span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num new" data-linenumber="26" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="new_line diff-line-num new" data-linenumber="25" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
25
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC25" class="line" lang="markdown">Last month, we linked to <span class="p">[</span><span class="nv" style="color: #008080;">Ars Technica</span><span class="p">](</span><span class="sx" style="color: #d14;">https://arstechnica.com/</span><span class="p">)</span>'s report that 'counterfeit' packages on <span class="p">[</span><span class="nv" style="color: #008080;">PyPI</span><span class="p">](</span><span class="sx" style="color: #d14;">https://pypi.org/</span><span class="p">)</span>, the official Python package repository, <span class="p">[</span><span class="nv" style="color: #008080;">contained secret code that installed cryptomining software on infected machines</span><span class="p">](</span><span class="sx" style="color: #d14;">https://arstechnica.com/gadgets/2021/06/counterfeit-pypi-packages-with-5000-downloads-installed-cryptominers/</span><span class="p">)</span>. This month, however, Dan Goodin reported on another PyPI malware issue: in <span class="p">[</span><span class="nv" style="color: #008080;">**Software downloaded 30,000 times from PyPI ransacked developers' machines**</span><span class="p">](</span><span class="sx" style="color: #d14;">https://arstechnica.com/gadgets/2021/07/malicious-pypi-packages-caught-stealing-developer-data-and-injecting-code/</span><span class="p">)</span>, Dan writes about a number of malicious payloads (such as <span class="p">[</span><span class="nv" style="color: #008080;">Discord</span><span class="p">](</span><span class="sx" style="color: #d14;">https://discord.com/</span><span class="p">)</span> token and credit card 'stealers') that appear to have targeted programmers' computers.<span class="idiff left"> (</span><span class="p"><span class="idiff">[</span></span><span class="nv" style="color: #008080;"><span class="idiff">Another source</span></span><span class="p"><span class="idiff">](</span></span><span class="sx" style="color: #d14;"><span 
class="idiff">https://jfrog.com/blog/malicious-pypi-packages-stealing-credit-cards-injecting-code/</span></span><span class="p"><span class="idiff">)</span></span><span class="idiff right">.)</span></span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num" data-linenumber="26" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
26
</td>
<td class="new_line diff-line-num" data-linenumber="26" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
26
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC26" class="line" lang="markdown"></span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num" data-linenumber="27" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
27
</td>
<td class="new_line diff-line-num" data-linenumber="27" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
27
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC27" class="line" lang="markdown"><span class="nt" style="color: #000080;"><br></span></span>
</pre>
</td>
</tr>
<tr class="line_holder" id="" style="line-height: 1.6;">
<td class="old_line diff-line-num" data-linenumber="28" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
28
</td>
<td class="new_line diff-line-num" data-linenumber="28" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
28
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC28" class="line" lang="markdown"></span>
</pre>
</td>
</tr>

</table>
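Review bot: the link label "Another source" in the text appended to line 25 does not tell the reader who the source is. Name the publisher that is visible in the URL, for example "(See also [JFrog's blog post](https://jfrog.com/blog/malicious-pypi-packages-stealing-credit-cards-injecting-code/).)", so the reference still makes sense when the link text is read on its own, for instance in a link list or by a screen reader. The commit message could name the added source in the same way.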
<br>
</li>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">

<br>
<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/4cb7e2c79d962c5e153828b9a6ae1db88469bf7d">View it on GitLab</a>.


</p>
</div>
</body>
</html>