gefyra
gefyra copied to clipboard
Published
20 hours ago •
gefyrahq
gefyrahq
(Suspicious) dependency on cli-tracker: Is this really needed?
Hi all,
I found Gefyra today and found it an interesting concept. I tried to package it for openSUSE to try it out.
One thing I found was that the CLI dependency on cli-tracker is fishy. Or rather, I cannot find a source for this other than PyPI, which is unusual and made me suspicious. PyPI has seen a lot of malware lately, so better safe than sorry.
So I wanted to ask, if this dependency is necessary? Do you have more information on it?
Thanks in advance, Johannes
