Over the past few days, as a user of a program that follows the PyPI changelog, I’ve noticed a large number of packages (11756 so far) uploaded by the same user, and all of the ones I’ve inspected so far have been books of unknown/unclear (to me) copyright status packaged into wheels that just open them up for browsing. I strongly suspect that copyrights are being violated here, likely in addition to some PyPI policies, yet the uploads continue, indicating that no action has been taken yet. Are the admins aware of this? Is this considered a problem?
It’s fine to contact security@pypi.org about this. They’ll be able to handle it (and yes, it’ll be a TOS violation, so they’ll get taken down).
E-mail sent.
Hi,
Sorry, I’m just curious, what is that program that follows the PyPI changelog?
thanks!
Emmanuel
It’s Wheelodex https://www.wheelodex.org, a site I wrote for viewing details about the latest wheels uploaded to PyPI.
Amazing, thanks!
After review and contacting the user, projects for this account were removed today.