
[BUG] Version 78.1.0 as W32.RetroDetected #4924

Open
planair opened this issue Mar 27, 2025 · 5 comments
Labels
bug Needs Triage Issues that need to be evaluated for severity and status.

Comments


planair commented Mar 27, 2025

setuptools version

78.1.0

Python version

python 3.11

OS

Linux

Additional environment information

No response

Description

Hi there,

Yesterday I updated a web app where I had setuptools installed, so it updated its version.

Today when I turned on my computer, my antivirus (Cisco) isolated me from the network because of setuptools giving an error W32.RetroDetected.

Image

In the meantime, IT allowed the antivirus to ignore this error, but perhaps it's a global issue for everyone?

Expected behavior

Unexpected error after updating setuptools library

How to Reproduce

I just updated my requirements file of the web app

Output

See image above for the error

planair added the bug and Needs Triage labels Mar 27, 2025

zahlman commented Mar 27, 2025

It would probably be helpful to know which antivirus software this is.

@abravalheri
Contributor

Please do not report a security vulnerability using a public issue tracker (ideally not in any project).

I believe that when selecting the type of issue, you have a link to report security vulnerabilities. Please use that one.

Now, it does not necessarily mean that this is an actual security vulnerability. It may be a false positive. Once reported, the people working on the case will assess and, if necessary, provide a fix.

Please do provide information about which tool you are using and what the obscure warning code means 😅 (maybe a link in the tool page explaining what the vulnerability is?) when filling in the private vulnerability disclosure.

@eli-schwartz
Contributor

> Please do not report a security vulnerability using a public issue tracker (ideally not in any project).
>
> I believe that when selecting the type of issue, you have a link to report security vulnerabilities. Please use that one.
>
> Now, it does not necessarily mean that this is an actual security vulnerability. It may be a false positive. Once reported, the people working on the case will assess and, if necessary, provide a fix.

The report claims that it is a false positive and they are informing you that setuptools is currently suffering from a Denial of Service carried out by antivirus vendors.

I'm not entirely convinced that people should be reporting antivirus false positives to projects at all, as there's nothing we can do about it and it misrepresents the responsibilities of OSS maintainers to ask us to be responsible for undocumented magical heuristics. But I really don't see how asking the reporter to go through the embargo and coordinated disclosure process is any better.

Author

planair commented Mar 28, 2025

I mean, first of all sorry if I used the wrong labels and categories while creating this issue.

Nothing guaranteed me when I got called by the IT, that it was a false positive, that's why I created the issue.

I kinda wanted to alert you guys that something could be wrong with the latest version (that came out 2 days after my incident).

If you're sure it's a false positive, just close the issue then and sorry for disturbing.

Contributor

abravalheri commented Mar 28, 2025

> The report claims that it is a false positive and they are informing you that setuptools is currently suffering from a Denial of Service carried out by antivirus vendors.
> I'm not entirely convinced that people should be reporting antivirus false positives to projects at all, as there's nothing we can do about it and it misrepresents the responsibilities of OSS maintainers to ask us to be responsible for undocumented magical heuristics.

I apologise, that is not what I understood at first. But if that is the case, yes, I agree with you, there is not much point.

> But I really don't see how asking the reporter to go through the embargo and coordinated disclosure process is any better.

Since I did not know whether this was a false positive or not, my reasoning was that we should follow the procedure. I am not familiar with which practices Tidelift has in place to investigate vulnerabilities, but I was hoping that the process would have some kind of specific way of collecting the relevant information and directing it to the relevant people (after the information was publicly disclosed there is not much point in keeping it confidential, but I still suspect there is some value in the procedure).
