PyUp’s dataset is public, and the insecure_full document posted earlier in the thread is 344 kb, so yeah, it is totally possible. https://github.com/pyupio/safety-db/blob/master/data/insecure_full.json
On 12/2, 2019, at 17:05, Joni Orponen <j.orponen@4teamwork.ch> wrote:
On Tue, Feb 12, 2019 at 5:24 AM Tzu-ping Chung <uranusjr@gmail.com> wrote:
One way to avoid disclosing user environments to a third party is to build this into PyPI instead. The API could generate the warning for pip to display.
How large are these kinds of databases? Would it be a conceivable thought that end users and/or CI infrastructures of organisations keep and update their local copies and thus only disclose the fact they're using such a database?
-- Joni Orponen
-- Distutils-SIG mailing list -- distutils-sig@python.org
Message archived at https://mail.python.org/archives/list/distutils-sig@python.org/message/ERBNV...
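
The local-copy approach discussed in this thread, as an added example that is not part of the original messages: a pinned package list is matched against an on-disk advisory file, so no package list leaves the machine. The JSON layout (package name mapping to entries with `id` and `specs`), the sample data and all function names are assumptions, and version comparison is simplified to numeric release segments rather than full PEP 440.

```python
import json
import operator
import re

# Constructed sample. Assumed layout of a local advisory file such as
# insecure_full.json: package name -> list of entries with "id" and "specs".
SAMPLE_DB = json.loads("""
{
  "$meta": {"note": "constructed sample, not real advisory data"},
  "examplepkg": [
    {"id": "example-0001", "advisory": "constructed A", "specs": ["<1.4.2"]},
    {"id": "example-0002", "advisory": "constructed B", "specs": [">=2.0,<2.0.3"]}
  ]
}
""")

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq, "!=": operator.ne}

def release(version):
    """Numeric release tuple; simplification that rejects pre/post/dev tags."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unsupported version: {version!r}")
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()  # treat 2.0 and 2.0.0 as equal
    return tuple(parts)

def matches(version, spec):
    """True if version satisfies every comma-separated clause of spec."""
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(<=|>=|==|!=|<|>)\s*(\S+)\s*", clause)
        if not m:
            raise ValueError(f"unsupported specifier: {clause!r}")
        if not OPS[m.group(1)](release(version), release(m.group(2))):
            return False
    return True

def normalize(name):
    """Case- and separator-insensitive package name, as PyPI compares names."""
    return re.sub(r"[-_.]+", "-", name).lower()

def audit(pins, db):
    """pins: {name: version}. Returns sorted (name, version, advisory id)."""
    index = {normalize(k): v for k, v in db.items() if not k.startswith("$")}
    return sorted((name, version, adv["id"])
                  for name, version in pins.items()
                  for adv in index.get(normalize(name), [])
                  if any(matches(version, s) for s in adv["specs"]))

if __name__ == "__main__":
    # For a real run, replace SAMPLE_DB with json.load() of the local copy.
    print(audit({"ExamplePkg": "1.4.1", "otherpkg": "1.0"}, SAMPLE_DB))
```

With this arrangement the only network traffic is the periodic download of the advisory file itself, which is the disclosure trade-off raised in the quoted question.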