@wuest @aeva okay let me be clearer here: I don't mean we need to make Python not Turing-complete so it can't be weaponized, but it might be nice if the *community* developed a slightly more hostile attitude towards this usage. it's not like there aren't things that have *already* been done. PyPI scans for and rejects malicious packages so malware has a harder time using it as a distribution or C&C channel
@aeva @wuest not saying anyone does, the attitude towards this stuff *is* already pretty hostile. yet, the usage increases. so perhaps not hostile enough.
all I was trying to do here was to highlight this and say it's a thing more Python developers might want to be aware of and considering ways to discourage, not that Something Must Be Done Immediately. good work has already been done and continues to be done, but by a pretty tiny sliver of the community working in relative obscurity
@wuest @glyph something i remember from my brief stint writing Fintech Ruby for a fintech startup was that most malware these days is an organized crime thing. which kinda makes sense because old school computer viruses that were written by nerds had a kind of playful malice and not so much the "hold hospitals hostage and scam grandpa" stuff. the people doing it are most likely not in our orbit, and they're either doing it under duress or with a complete lack of scruples