tiflolinux.org - GNU Social
  • Login

Bienvenido

  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Conversation

Notices

  1. Ludovic Courtès (civodul@toot.aquilenet.fr)'s status on Thursday, 05-Jan-2023 12:26:23 CET Ludovic Courtès Ludovic Courtès

    #PyTorch victim of a “supply chain” attack:
    https://pytorch.org/blog/compromised-nightly-dependency/#how-to-check-if-your-python-environment-is-affected

    It boils down to “dependency confusion” (really: confused deputy problem), where PyPI packages refer to dependencies by name, which (surprise!) is ambiguous.

    Another good illustration for https://hpc.guix.info/blog/2021/09/whats-in-a-package/.

    In conversation Thursday, 05-Jan-2023 12:26:23 CET from toot.aquilenet.fr permalink

    Feeds

    • Activity Streams
    • RSS 2.0
    • Atom
    • Help
    • About
    • FAQ
    • TOS
    • Privacy
    • Source
    • Version
    • Contact

    tiflolinux.org - GNU Social is a social network, courtesy of tiflolinux.org. It runs on GNU social, version 2.0.1-beta0, available under the GNU Affero General Public License.

    Creative Commons Attribution 3.0 All tiflolinux.org - GNU Social content and data are available under the Creative Commons Attribution 3.0 license.