Python programming language:

Work on systems to eradicate malicious software libraries will begin in December.

Python is eating the world: how a developer's parallel project became the most popular programming language
Frustrated by the shortcomings of the programming language, Guido van Rossum created Python. With the language that millions now use, Nick Heath talks with van Rossum about Python's past and explores what follows.
20190630 nick python karen

You should read the developer's content

The Python Software Foundation has revealed that work will begin in December to add "advanced security features" to the Central Python Package Index (PyPI).

PyPI is the official repository of third-party packages for the popular Python programming language and hosts software libraries that are downloaded millions of times a month.

However, there have been cases of developers who hide malicious code in packages hosted in PyPI. Last month, a security research firm identified three PyPI-hosted libraries that contained a hidden backdoor, with 12 equally malicious Python libraries discovered in the service the previous year.

The Python Software Foundation (PSF) has summarized the scale of the challenge of running PyPI.

"PyPI adds tens of thousands of new versions in projects housed in the repository and thousands of new projects monthly," writes the foundation.

"There are constant attempts by bad actors to upload releases and artifacts that include malicious uploads, either in setup.py files or within the package content.

" In addition, spam artists and scams to sometimes they try to create projects that include references and links to deceive search indexes and users. "

The foundation says that the PyPI team only has limited resources to carry out moderation and currently relies on the reports of the community to help mark malicious uploads and spam posts.

VEA: Python is eating the world: how a developer's parallel project became the most popular programming language on the planet (PDF cover)

For this purpose, the PSF is consulting on a new project to develop a better way for users to verify the integrity of PyP downloaded packages I, through the verifiable cryptographic signature of artifacts. The project would also include the development of a system to automate the detection of malicious packages loaded in PyPI, and documentation of these new PyPI features.

The & # 39; Request for information & # 39; It is designed to allow the community and potential contractors to discuss ideas and improve the scope and definition of the project. This consultation will run until September 18 and will follow a Request for Proposals, where contractors will bid to carry out the work.

The project is expected to cost up to $ 65,000, with Facebook donating money to the PSF to help pay for improvements.
Work is expected to begin in December 2019 and take three to five months to complete.

The improvements will benefit the millions of developers who use the language. The unstoppable increase in Python is widely recognized, largely driven by its use for machine learning, and some predict that it can become the most popular programming language in the world, if it can overcome its limitations.

If you are interested in learning more about Python, see the TechRepublic startup guide.

See also

For More Updates Check out Blog, Windows Softwares Drivers, Antivirus, Ms Office, Graphic Design Don’t Forget to Look Our Facebook Page Get Into Pc like us & follow on Twitter- @getinpc

Please Note: This content is provided and hosted by a 3rd party server. Sometimes these servers may include advertisements. igetintopc.com does not host or upload this material and is not responsible for the content.