Sure, but I'd guess PyPI could cut off much of the really bad stuff, such as mal... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jruohonen 10 months ago \| parent \| context \| favorite \| on: AI can't stop making up software dependencies and ... Sure, but I'd guess PyPI could cut off much of the really bad stuff, such as malware, by AI (as everything is know called). Having a waiting list for false positives would not hurt anyone much. Yet, a foreseeable alternative is that PyPI and friends continue to be dumpyards, but communities will build up whitelists.

simonw 10 months ago [–]

See my comment here for why I don't think that would work: https://news.ycombinator.com/item?id=43665581

There are a small number of PyPI things they require human support queues at the moment and they are sometimes overwhelmed already.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact