PMXBOT Log file Viewer


#pypa logs for Monday the 25th of May, 2020

[10:49:43] <pyusr> is pypi open to add a warning when trying to pip install some package which has a similar name to a popular package, and hasn't been updated in 10 years?
[10:49:50] <pyusr> (talking about py-spy / pyspy for example)
[10:52:09] <TDKZG> Hi to all! I'm a beginner in programming and trying to learn Python. I have installed 2 venvs just for testing. First one is: 'HelloWorld1': pipenv and 2nd: 'HelloWorld2': venv
[10:52:09] <TDKZG> Windows? I'm using Python 3.7.7 + VS Code
[10:53:06] <TDKZG> If this is the wrong place to ask this question, please point me in the right direction. Tnx
[11:00:18] <nedbat> TDKZG: ask in #python
[14:09:26] <tos9> pyusr: I don't know how you'd do that generically, but if there's a malicious package and/or one that's squatting, there are already provisions for those
[14:24:36] <pyusr> maybe look at all the package names, and those with short editing distance that have a high discrepancy between their popularity should produce a warning / error for the non-popular one?
[14:24:40] <pyusr> tos9 ^
[14:42:41] <tos9> pyusr: it's not inherently malicious for a package to have short editing distance to another more popular one
[14:42:52] <tos9> especially for short package names
[14:43:32] <tos9> so personally I'd probably very much not like that sort of thing -- it disadvantages growing new packages