Closed hentai-chan closed 2 years ago
This looks a lot like when people buy domains for parking, expecting to sell later. But not sure what's this user's intentions with so many empty repositories.
The folks working with security, could possibly run a weekly query, looking for users that created more than 2 or three empty repositories in the last week and flag them for inspection I think.
Confirming the issue, would like the apps namespace myself.
In addition to my previous submission, I'd like to point out that Collie is still uploading empty packages as we speak. For the sake of completeness, please consider also removing the following packages from PyPI. It may also be necessary to terminate their account and ban their IP to prevent them from registering a new account:
PROJECT_NAME
: organizationPROJECT_NAME
: repositoryPROJECT_NAME
: technologyPROJECT_NAME
: endeavorPROJECT_NAME
: zealPROJECT_NAME
: developmentPROJECT_NAME
: vkitPROJECT_NAME
: softxPROJECT_NAME
: advancedPROJECT_NAME
: managedPROJECT_NAME
: professionPROJECT_NAME
: professionalPROJECT_NAME
: kanoPROJECT_NAME
: leaderPROJECT_NAME
: darlingPROJECT_NAME
: innovativePROJECT_NAME
: expeditionPROJECT_NAME
: KeyLabPROJECT_NAME
: isPROJECT_NAME
: forPROJECT_NAME
: 2021PROJECT_NAME
: gloryPROJECT_NAME
: kunPROJECT_NAME
: talentPROJECT_NAME
: QiKunPROJECT_NAME
: chnPROJECT_NAME
: creativePROJECT_NAME
: 16PROJECT_NAME
: 256PROJECT_NAME
: maturePROJECT_NAME
: productionPROJECT_NAME
: colliePROJECT_NAME
: CyrusPROJECT_NAME
: VersionXPROJECT_NAME
: VersionLibPROJECT_NAME
: VersionControlPROJECT_NAME
: EVersionPROJECT_NAME
: SemverXPROJECT_NAME
: ESemVerPROJECT_NAME
: PVerPROJECT_NAME
: PSemVerPROJECT_NAME
: TheVersionPROJECT_NAME
: KVersionPROJECT_NAME
: OVersionPROJECT_NAME
: QVersionPROJECT_NAME
: HVersionPROJECT_NAME
: VersionToolPROJECT_NAME
: everPROJECT_NAME
: evolutionaryPROJECT_NAME
: UVerPROJECT_NAME
: UniformVersionPROJECT_NAME
: NVersionPROJECT_NAME
: XVersionPROJECT_NAME
: VersionLabPROJECT_NAME
: aggregationPROJECT_NAME
: scientistsPROJECT_NAME
: geeksI am hoping to open-source a library called collie
to PyPI
very soon, but the name is taken by this user. Just like all other 118 projects uploaded by this user, it is an empty library.
I am hoping we can remove this package and user soon.
@nathancooperjones please open a separate PEP 541 request if you're interested in the name.
@nathancooperjones please open a separate PEP 541 request if you're interested in the name.
I've gone ahead and made that issue here - thank you!!
this user is still uploading dozens of empty projects
Invalid namesquatting packages have been removed.
I'd like to submit multiple projects from the same user to the PyPI team for violating PEP 541 by accusing
Collie
of being guilty of name squatting on more than one occasion. I don't wish to take ownership of any of these project names at the moment. My intention is to reclaim these names back for the community.Project to be claimed
PROJECT_NAME
: https://pypi.org/project/solidarityPROJECT_NAME
: https://pypi.org/project/authorPROJECT_NAME
: https://pypi.org/project/methodPROJECT_NAME
: https://pypi.org/project/maintainerPROJECT_NAME
: https://pypi.org/project/sharperPROJECT_NAME
: https://pypi.org/project/sharpenPROJECT_NAME
: https://pypi.org/project/uePROJECT_NAME
: https://pypi.org/project/czPROJECT_NAME
: https://pypi.org/project/cePROJECT_NAME
: https://pypi.org/project/vsPROJECT_NAME
: https://pypi.org/project/doerPROJECT_NAME
: https://pypi.org/project/lolitaPROJECT_NAME
: https://pypi.org/project/strategyPROJECT_NAME
: https://pypi.org/project/nanshanPROJECT_NAME
: https://pypi.org/project/pekingPROJECT_NAME
: https://pypi.org/project/shanghaiPROJECT_NAME
: https://pypi.org/project/shenzhenPROJECT_NAME
: https://pypi.org/project/szPROJECT_NAME
: https://pypi.org/project/luminaryPROJECT_NAME
: https://pypi.org/project/victoryPROJECT_NAME
: https://pypi.org/project/approachPROJECT_NAME
: https://pypi.org/project/appsPROJECT_NAME
: https://pypi.org/project/appxPROJECT_NAME
: https://pypi.org/project/prosperityPROJECT_NAME
: https://pypi.org/project/prosperPROJECT_NAME
: https://pypi.org/project/thrivePROJECT_NAME
: https://pypi.org/project/riosPROJECT_NAME
: https://pypi.org/project/prominentPROJECT_NAME
: https://pypi.org/project/eminentPROJECT_NAME
: https://pypi.org/project/fskitPROJECT_NAME
: https://pypi.org/project/ultraPROJECT_NAME
: https://pypi.org/project/fskPROJECT_NAME
: https://pypi.org/project/extraPROJECT_NAME
: https://pypi.org/project/keysysPROJECT_NAME
: https://pypi.org/project/mainstreamPROJECT_NAME
: https://pypi.org/project/filterPROJECT_NAME
: https://pypi.org/project/toughPROJECT_NAME
: https://pypi.org/project/techPROJECT_NAME
: https://pypi.org/project/gradlePROJECT_NAME
: https://pypi.org/project/centerPROJECT_NAME
: https://pypi.org/project/flyweightPROJECT_NAME
: https://pypi.org/project/pkuPROJECT_NAME
: https://pypi.org/project/tbsiPROJECT_NAME
: https://pypi.org/project/sigsPROJECT_NAME
: https://pypi.org/project/tsinghuaPROJECT_NAME
: https://pypi.org/project/innovatorPROJECT_NAME
: https://pypi.org/project/innovationPROJECT_NAME
: https://pypi.org/project/creationPROJECT_NAME
: https://pypi.org/project/pepsysPROJECT_NAME
: https://pypi.org/project/expertPROJECT_NAME
: https://pypi.org/project/bazelPROJECT_NAME
: https://pypi.org/project/enterPROJECT_NAME
: https://pypi.org/project/softPROJECT_NAME
: https://pypi.org/project/idePROJECT_NAME
: https://pypi.org/project/scientificYour PyPI username
USER_NAME
: https://pypi.org/user/hentaichan/Reasons for the request I believe this request is reasonable because the projects are all empty and contain no code. They all have been created between April 12, 2020 and September 26, 2020, which further reinforces my suspicion that Collie is not acting in good faith.
Maintenance or replacement? Since there is no code to maintain (and I don't have the time nor resources to create as many projects all on my own), I suggest to make these names available again to anyone that wants to distribute code via PyPI under any of these project names.
Contact and additional research The author of these projects did not provide a way that would make it possible to reach out to him/her (see also: empty author tag in all these projects). None of these projects are hosted public (e.g. on GitHub or GitLab), which further increases the difficulty of contacting Collie.