Which is correct?
Quote: "...a Tokyo-based IP address (22.214.171.124)..."
A whois request says it's Singapore.....
The Python Package Index, also known as PyPI, has removed 3,653 malicious packages uploaded days after a security weakness in the use of private and public registries was highlighted. Python developers use PyPI to add software libraries written by other developers in their own projects. Other programming languages implement …
Prefix whois is more accurate for these sorts of things, as its based on the global routing table rather than just the network allocation - the whois record you are saying "its Singapore" is just saying that the /16 is registered in Singapore, where as prefix whois determines what AS it is in and where that AS is located.
> $ whois -h whois.pwhois.org 126.96.36.199
AS-Path: 8220 1299 2516 132203
AS-Org-Name: Tencent Building, Kejizhongyi Avenue
Org-Name: ACEVILLE PTE.LTD.
But it's stories like these that make me love even these deficiencies of the C++ ecosystem.
But at least the risc of catching, and distributing, something nasty is lessened.
Even though a lot of work was done to improve scalability, there remain lots of elementary problems with PyPI. For example, I need to change the project homepage for one of my packages but I cannot do this through the website, I must create a new version of the package and upload it.
I love the Python language but it's an open secret that the infrastructure doesn't get the attention it needs. Instead we're being force fed things like type hints…
Biting the hand that feeds IT © 1998–2021