
We're not the authors of those packages. But we own many others.

1. We're not obfuscating pingbacks.

2./3. We're raising an exception with an explanation and a link.

Just look at the code of one of our packages: https://pypi.python.org/pypi/codecs

The research in 2016 was done by someone else. The kinda crazy thing is: Some of the package names he used were made available again after that instead of being blocked... And now we own them.




Man. You're right - that's a mess.


And just to be super clear, this is the code. Hard from scary or obfuscated:

  # Import added here for runnability; the posted snippet assumes urllib_request is already bound
  try:
      import urllib.request as urllib_request  # Python 3
  except ImportError:
      import urllib2 as urllib_request  # Python 2 fallback
  # package_name is the squatted name supplied by the package's own setup code.
  # The response is ignored: the request only registers the install attempt as a pingback.
  html = urllib_request.urlopen(
      "https://www.pytosquatting.org/pingback/pypi/{}/".format(package_name)
  )
  raise Exception(
      "This is a bogus package that should not be installed\n\n"
      "Please read https://www.pytosquatting.org"
  )


"Hard from scary or obfuscated" Maybe you are typing on mobile?

"Far from scary or obfuscated" reads more clearly.



