Author Anthony Sottile
Recipients Anthony Sottile, Chris Billington, Ethan Smith, Ivan.Pozdeev, Peter L3, SilentGhost, __Vano, barry, brett.cannon, cheryl.sabella, christian.heimes, eric.smith, eric.snow, ionelmc, jaraco, mhammond, ncoghlan, pitrou, steve.dower, takluyver, terry.reedy, veky
Date 2019-03-07.01:41:51
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1551922911.68.0.160680444043.issue33944@roundup.psfhosted.org>
In-reply-to
Content
I did my best to classify those on pypi that were using `.pth` files.  My initial search had quite a few false positives (and now that I look at it, completely missed `.zip`-based source distributions so there's likely some false negatives as well)

Here's the summary of the categorizations:

$ cut -d, -f2 < data.csv | sort | uniq -c
      2 backport
      4 coverage
      4 debugging
      2 demo
      9 encoding
      7 except-hook
     58 false-positive
      6 import-hook
     20 module-layout
     20 monkeypatch


I realized about halfway through that "monkeypatch" was probably too broad of a category but continued with that through all of them, the monkeypatch category contains a few classes of things: fixing third party libraries, disabling ssl (yikes!), adding some "features" to builtins / stdlib modules -- which unfortunately I didn't really classify properly.

There was a single .pth file that I deemed "malicious" since it completely breaks the `subprocess` module (`subprocess-run`) but other than that they all seemed ~mostly not the worst.

A lot of the `module-layout` ones could be solved with things provided directly by `setuptools`, or just be rearranging their distribution's files.

The raw data is available in csv: https://github.com/asottile/pth-file-investigation/blob/master/data.csv
History
Date User Action Args
2019-03-07 01:41:51Anthony Sottilesetrecipients: + Anthony Sottile, mhammond, barry, brett.cannon, terry.reedy, jaraco, ncoghlan, pitrou, eric.smith, christian.heimes, ionelmc, SilentGhost, __Vano, eric.snow, takluyver, steve.dower, veky, Ivan.Pozdeev, Ethan Smith, cheryl.sabella, Chris Billington, Peter L3
2019-03-07 01:41:51Anthony Sottilesetmessageid: <1551922911.68.0.160680444043.issue33944@roundup.psfhosted.org>
2019-03-07 01:41:51Anthony Sottilelinkissue33944 messages
2019-03-07 01:41:51Anthony Sottilecreate