contains a json listing packages which potentially are malicious since they were released during the time when conda-forge's keys were compromised. I'm puzzled that this release is still available on conda-forge but this is their issue. Could you please re-release the package to ensure its security? Even if this was a false-positive and you are certain that it was not tampered with: I could not currently install conda-tree from conda-forge according to my company policies since it is blacklisted via the json from conda-forge.
https://conda-forge.org/blog/posts/2023-03-12-circle-ci-security-breach/#circleci-security-incident
contains a json listing packages which potentially are malicious since they were released during the time when conda-forge's keys were compromised. I'm puzzled that this release is still available on conda-forge but this is their issue. Could you please re-release the package to ensure its security? Even if this was a false-positive and you are certain that it was not tampered with: I could not currently install
conda-tree
from conda-forge according to my company policies since it is blacklisted via the json from conda-forge.Thanks!