PyTorch and the PyPI supply chain
Posted Jan 12, 2023 12:35 UTC (Thu) by khim (subscriber, #9252)
In reply to: PyTorch and the PyPI supply chain by ms
Parent article: PyTorch and the PyPI supply chain
> You would also have to modify the deps of a repo that imports that, and of that, and so on, all the way up to the top.
Sounds like cultivation of Log4Shells instead of “dependency confusion”.
But yeah, that definitely fits well into the “simple non-solutions” scheme Go practices.