Popularity has its downsides. The more popular a programming language is, the more widely it is used, which means there will be people who rush to take advantage of that.
As Python grows in popularity, more and more malicious packages appear on PyPI: trojans, stealers, and droppers for more dangerous malware.
The PyPI team constantly monitors such cases, but their capacity has reached its limit too. As a result, the service is temporarily closing uploads of new packages and user registration.
PyPI new user and new project registrations temporarily suspended
Perhaps one of the reasons for the large influx of malware is the sharply increased ease of creating it. Today anyone, even a non-programmer, can ask ChatGPT to write the necessary code and all the instructions for an attack.
The main type of attack relies on a typo in the package name. If an inattentive programmer accidentally installs pilow or djangoo, consider the malware already on the system.
To avoid such screw-ups, I recommend:
▫️ Always work in a virtual environment; install unknown projects inside containers.
▫️ Use a requirements.txt file instead of installing packages by hand.
▫️ Type package names very carefully, and check them again after typing. Compare them with the name in the documentation.
▫️ After successful tests, always pin the package version. There have been cases where dangerous code was added in new versions. Besides, even without that danger, installing the latest version by default is not recommended.
▫️ Use auxiliary tools for security checks, for example https://pyup.io/safety or https://github.com/PyCQA/bandit. They will help not only to find dangerous code in other people's packages, but will also check your own code for vulnerabilities.
Let's hope PyPI rethinks its methods of fighting malware, for example by introducing AI for checking as a symmetric step.
#offtop
Explainer from #Addis_Standard Newsroom:
As of 24 February, Addis Standard has not received any formal written notice, legally mandated opportunity to respond, or reasoned decision preceding the #Ethiopian Media Authority’s public claim, made via social media, that our online media registration was revoked.
Ethiopian media law is clear: suspension or revocation of a media license must follow a defined process, including written notice, a 14-working-day right of response, a reasoned decision, and access to appeal before the Authority’s Board of Directors.
None of these mandatory steps have been observed. Addis Standard remains fully operational and continues its public-interest journalism in good faith, while its publisher, #JAKENN Publishing PLC, pursues clarification and rectification through lawful channels. This matter goes beyond one newsroom, it concerns whether media regulation in Ethiopia is governed by law, due process, and institutional accountability.
Read the explainer: https://addisstandard.com/?p=55392
News: Publisher challenges #EMA’s revocation of Addis Standard registration, cites due process violations
#JAKENN Publishing P.L.C., the publisher of #Addis_Standard, has formally contested the decision by the #Ethiopian Media Authority (EMA) to revoke the outlet’s online media registration certificate, arguing that the move lacks legal basis and violates due process guarantees under Ethiopian law.
The response follows an announcement circulated on the Authority’s official social media channels on 24 February 2026, stating that Addis Standard’s registration had been revoked.
In a letter addressed to the EMA Board of Directors, JAKENN said a legal review found the announcement “exceeds the Authority’s procedural powers” and is incompatible with safeguards provided under Media Proclamation No. 1238/2021, as amended by Proclamation No. 1374/2025.
The publisher stressed that Addis Standard is operated by JAKENN Publishing P.L.C., a legally registered private....
Read more: https://addisstandard.com/?p=55387
News: #Ethiopian Media Authority revokes Addis Standard’s online media registration; Editor-in-Chief disputes claims
The Ethiopian Media Authority (#EMA) has announced the revocation of the online media registration certificate of #Addis_Standard, effective 24 February 2026, citing repeated violations of media ethics, national laws, and what it described as the country’s national interests.
The statement did not specify which reports or actions formed the basis of the decision.
Responding to the EMA’s announcement, Yonas Kedir, Editor-in-Chief of Addis Standard publications, rejected the Authority’s claims, saying the outlet had never received any formal notices of violations.
“The claim that Addis Standard received repeated notices is factually incorrect. At no point has the Ethiopian Media Authority formally notified Addis Standard newsroom of any prior violations or enforcement actions,” he said. He added that the publisher, #JAKENN Publishing PLC, ..…
Read more: https://addisstandard.com/?p=55383
News: #CPJ calls for release of #Addis_Standard editor seized by unidentified men
The Committee to Protect Journalists has called on #Ethiopian authorities to urgently locate and release #Million_Beyene, who was taken by unidentified individuals from the newsroom of Addis Standard in the capital.
In a statement issued on April 16, CPJ said Million was seized on Wednesday morning by a group of men in plainclothes from the outlet’s newsroom in #Addis_Abeba and taken to an undisclosed location.
#JAKENN Publishing PLC, publisher of Addis Standard, says the whereabouts of its Managing Editor, Million Beyene, remain unknown nearly 24 hours after he was taken by unidentified individuals from the newsroom.
In an update issued this morning, the publisher said concerns are growing over his safety, noting that his family is “increasingly distressed and deeply concerned.”
CPJ described the incident as alarming and urged authorities to determine those responsible
Read more: https://addisstandard.com/?p=56534