Wonder what the DoJ wants PyPI data for.
<https://...
# randomb
bitter-ability-32190
05/25/2023, 11:59 PMWonder what the DoJ wants PyPI data for.
https://blog.pypi.org/posts/2023-05-24-pypi-was-subpoenaed/
bitter-ability-32190
05/26/2023, 11:54 AMReddit's guess is malware in a package
bitter-ability-32190
05/26/2023, 11:55 AMOne comment there noted that the phrase about how this subpoena didn't have an NDA might be suggestive that other subpoenas came in and DID have one
a
ambitious-actor-36781
05/29/2023, 4:42 AMtwo days later, they make a post about removing IP data from their databases/systems.
Get in.
b
bitter-ability-32190
05/29/2023, 1:13 PMOh yeah that's not surprising. The Head on Infra said they'd be making changes based on this happening
a
ambitious-actor-36781
06/12/2023, 10:38 AMhttps://twitter.com/llm_sec/status/1667573374426701824?s=20
I guess we might have found out why?
b
bitter-ability-32190
06/12/2023, 12:27 PMWhat a clever new attack vector