Defend against dependency confusion attacks

Like @abbrent said, using our own packages such as tsm-datastore-lib and minio-cli-wrapper carries the risk of this:

https://www.heise.de/news/Verwirrung-um-vermeintlichen-Dependency-Confusion-Angriff-auf-deutsche-Firmen-7089135.html

We should also host our own packages on PyPI (this prevents the loss of a package name to attackers, who could maybe find our package names via Shodan).

@schaefed @palmb How is SaQC team handling this?
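As an added example (not code from this issue or from the project), the check a consumer of these packages would want next to the name reservation the post proposes: a small Python audit that flags the pip configuration pattern that makes dependency confusion work (a private index added via `extra-index-url` while PyPI stays the default, so pip merges candidates from both and installs the highest version) and internal packages that are installed without an exact pin and a hash. The two package names are the ones from the issue; the index URLs, versions and digests are constructed placeholders.

```python
"""Audit a pip configuration and requirements file for the dependency-confusion
pattern discussed in the issue above.

Added example, not code from the issue or the project. Package names are taken
from the issue; index URLs, versions and hash values are constructed placeholders.
"""
import configparser
import re
from dataclasses import dataclass

# Names of the project's own packages (from the issue).
INTERNAL_PACKAGES = {"tsm-datastore-lib", "minio-cli-wrapper"}

# Constructed pip.conf, risky form: PyPI stays the default index and the private
# index is only *added*.  pip then collects candidates for the same name from both
# indexes and installs the highest version, so an attacker who registers
# "tsm-datastore-lib" on PyPI with version 99.0 wins the resolution.
RISKY_PIP_CONF = """\
[global]
extra-index-url = https://gitlab.example.org/api/v4/projects/42/packages/pypi/simple
"""

# Constructed pip.conf, hardened form: one index that both mirrors PyPI and serves
# the internal packages *replaces* PyPI, and every requirement must carry a hash.
HARDENED_PIP_CONF = """\
[global]
index-url = https://pypi-proxy.example.org/simple
require-hashes = true
"""

# Constructed requirements: one internal package pinned but unhashed, one unpinned.
RISKY_REQUIREMENTS = """\
requests==2.31.0
tsm-datastore-lib==1.4.0
minio-cli-wrapper>=0.3
"""

# Constructed requirements: exact pins plus hashes (the digests are placeholders).
HARDENED_REQUIREMENTS = """\
requests==2.31.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
tsm-datastore-lib==1.4.0 \\
    --hash=sha256:1111111111111111111111111111111111111111111111111111111111111111
minio-cli-wrapper==0.3.2 \\
    --hash=sha256:2222222222222222222222222222222222222222222222222222222222222222
"""


@dataclass
class Requirement:
    name: str        # normalized per PEP 503 (lowercase, runs of -_. collapsed to -)
    pinned: bool     # uses an exact "==" specifier
    has_hash: bool   # carries at least one --hash= option


@dataclass
class Finding:
    severity: str
    message: str


def normalize(name: str) -> str:
    """PEP 503 name normalization, so Foo_Bar and foo-bar compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> list[Requirement]:
    """Parse the subset of requirements syntax needed here: join backslash
    continuation lines the way pip does, skip comments, blanks and option lines."""
    joined = re.sub(r"\\\n\s*", " ", text)
    reqs = []
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        match = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if match:
            reqs.append(Requirement(normalize(match.group(1)),
                                    pinned="==" in line,
                                    has_hash="--hash=" in line))
    return reqs


def audit(pip_conf: str, requirements: str, internal: set[str]) -> list[Finding]:
    """Return findings (index configuration first, then per internal package);
    an empty list means nothing was flagged."""
    cfg = configparser.ConfigParser()
    cfg.read_string(pip_conf)
    glob = cfg["global"] if cfg.has_section("global") else {}
    findings = []
    if "extra-index-url" in glob:
        findings.append(Finding("high", "extra-index-url in use: internal names are also "
                                        "resolved against PyPI and the highest version wins"))
    internal_names = {normalize(n) for n in internal}
    for req in parse_requirements(requirements):
        if req.name not in internal_names:
            continue
        if not req.pinned:
            findings.append(Finding("medium", f"{req.name} is not pinned to an exact version"))
        if not req.has_hash:
            findings.append(Finding("medium", f"{req.name} has no --hash; a substituted "
                                              "artifact would install silently"))
    return findings


if __name__ == "__main__":
    for label, conf, reqs in (("risky", RISKY_PIP_CONF, RISKY_REQUIREMENTS),
                              ("hardened", HARDENED_PIP_CONF, HARDENED_REQUIREMENTS)):
        print(f"== {label} ==")
        for f in audit(conf, reqs, INTERNAL_PACKAGES):
            print(f"[{f.severity}] {f.message}")
```

Registering the names on PyPI, as the post suggests, takes away the attacker's ability to publish under them at all; the configuration check above closes the resolution path on the consumer side, so the two measures complement each other rather than replace one another.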