Plastic Flowers to Protect the Hive
6 points by phildini
This is completely ridiculous and doesn't buy you actual security. There are more packages than you can register names for. I say, let it burn. People need to get burned to understand the dangers of playing with fire.
It's the same line of thinking that makes people believe they can patch "bad behavior" out of chatbots by adding special cases every time they recommend people eat rocks or put glue on pizza or substitute sodium bromide for sodium chloride in their diet; a fundamental failure to imagine the scale of the state-space of undesired behavior.
So you are pre-squatting all those names? What if your account gets compromised? Then the bots can see a lot of actually available packages if they do a listing, and they are all valid and dangerous.
Any reason to target only Python and JS? What about PHP, or Docker Hub?
I wonder if making them all sleep(1e50) would be a better bet so that there is a reason to learn them as not-to-be-trusted.