Package Mis-Management

An increase in demand for quick and easy distribution of software is pushing risky practices.

Package management systems claim to manage packages, but they leave a lot to be desired. The perception that users are stupid and can't understand the command line has turned many unsafe practices that were meant to quickly install a pre-released package into the primary means of distribution.

We look at some of the most popular open source distribution mechanisms and share our view through recent incidents, a little bit of research and some suggestions for attack vectors.


Speakers for Package Mis-Management:


Metadata for Package Mis-Management

To be recorded: Yes

URLs for Package Mis-Management

Slides: https://github.com/benjaoming/pytosquatting/raw/5b040581a0a129494b1b4ee3768e09d53b77438e/misc/bornhack-talk/slides.pdf

Recording: https://www.youtube.com/watch?v=482XCyq_Ej4


Schedule for Package Mis-Management

  • Tuesday, Aug 21st, 2018, 11:00 (CEST) - Tuesday, Aug 21st, 2018, 12:00 (CEST) at Speakers Tent