Hackers' Pub

Syntax	Description	Examples
`"` keyword `"`	Finds the string within quotes, including spaces. Case-insensitive. (Escape quotes inside with `\"`)	`"Hackers' Pub"`
`from:` handle	Finds content written by the specified user.	`from:hongminhee` `from:hongminhee@hollo.social`
`lang:` ISO 639-1	Finds content written in the specified language.	`lang:en`
`#` tag	Finds content with the specified tag. Case-insensitive.	`#HackersPub`
condition condition	Finds content that satisfies both conditions on either side of the space (logical AND).	`"Hackers' Pub" lang:en`
condition `OR` condition	Finds content that satisfies at least one of the conditions on either side of the OR operator (logical OR).	`#HackersPub OR "Hackers' Pub" lang:en`
`(` condition `)`	Combines the operators within the parentheses first.	`(#HackersPub OR "Hackers' Pub" OR "Hackers Pub") lang:en`

Seth Larson @sethmlarson@mastodon.social

10/30/2025, 3:44:07 PM

Public

I've published a new white paper with Alpha-Omega about mitigating vulnerabilities in the many implementations of ZIP and tar, archive formats that are used by packaging ecosystems like #Python, #NPM, #NuGet, #Ruby, #Rust, and others.

@pypiPython Package Index mitigated many of these vulnerabilities by aggressively pruning the allowed features of ZIP and tar archives published to PyPI while measuring and minimizing user impact.

Read the full report: https://pyfound.blogspot.com/2025/10/slippery-zips-and-sticky-tar-pits-security-and-archives-white-paper.html

#security #oss #opensource #pypi

Improving security and integrity of Python package archives

Security and integrity of the Python packaging ecosystem is critical, and the smallest unit of a packaging ecosystem is a "package". Python ...

pyfound.blogspot.com · Python Software Foundation Blog

If you have a fediverse account, you can quote this note from your own instance. Search https://mastodon.social/users/sethmlarson/statuses/115463883837050705 on your instance and quote it. (Note that quoting is not supported in Mastodon.)