PyPI packages with malicious install scripts! https://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/ (So few programming languages make install scripts opt-in or run them in sandboxes.)
Related Posts
The new PyPI web UI: https://warehouse.python.org/ is looking really good! There's a lot of good Python out there, which deserves a good site.
Python packaging: Source dists require compilation, eggs don't work with pip, and you can't upload binary Linux wheels to PyPI. Argh!
Woah, it's now possible to automatically upload a package to PyPI from Travis if your tagged commit passes tests. Automate everything!
