PyUp’s dataset is public, and the insecure_full document posted earlier in the thread is 344 kb, so yeah, it is totally possible.
https://github.com/pyupio/safety-db/blob/master/data/insecure_full.json

> On 12/2, 2019, at 17:05, Joni Orponen <[email protected]> wrote:
>
> On Tue, Feb 12, 2019 at 5:24 AM Tzu-ping Chung <[email protected]> wrote:
> One way to avoid disclosing user environments to a third party is to build
> this into PyPI instead. The API could generate the warning for pip to
> display.
>
> How large are these kinds of databases? Would it be a conceivable thought end
> users and/or CI infrastructures of organisations keep and update their local
> copies and thus only disclose the fact they're using such a database?
>
> --
> Joni Orponen
> --
> Distutils-SIG mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> https://mail.python.org/mailman3/lists/distutils-sig.python.org/
> Message archived at
> https://mail.python.org/archives/list/[email protected]/message/ERBNV6DJ5MTXF5KOHXZDABPQAEUJELMF/
--
Distutils-SIG mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/distutils-sig.python.org/
Message archived at
https://mail.python.org/archives/list/[email protected]/message/SQDHTUVE43XACR3AKT3VMGGFWW5JNV4B/
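
The local-copy approach asked about in the quoted message, as an added example that is not part of the thread and not PyUp's or pip's code: installed versions are matched against an on-disk copy of the database, so nothing about the environment leaves the machine. The JSON shape (package name mapped to advisories carrying a `specs` list), the sample entries and the function names are assumptions; the version parser handles only numeric dotted versions, where a real tool would use a full PEP 440 implementation.

```python
import json
import re

# Constructed sample in the shape assumed for a local insecure_full.json copy.
SAMPLE_DB = json.loads("""
{
  "examplepkg": [
    {"id": "example-0001", "advisory": "constructed A", "specs": ["<1.4.2"]},
    {"id": "example-0002", "advisory": "constructed B", "specs": [">=2.0,<2.1.3"]}
  ]
}
""")

_CLAUSE = re.compile(r"^\s*(<=|>=|==|<|>)\s*([0-9]+(?:\.[0-9]+)*)\s*$")

def parse_version(text):
    """Parse a purely numeric dotted version; anything else is rejected."""
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+)*", text):
        raise ValueError(f"unsupported version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def _cmp(a, b):
    """Compare version tuples after zero-padding, so 1.4 equals 1.4.0."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)

def spec_matches(spec, version):
    """True if version satisfies every comma-separated clause of spec."""
    for clause in spec.split(","):
        m = _CLAUSE.match(clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        c = _cmp(version, parse_version(m.group(2)))
        ok = {"<": c < 0, "<=": c <= 0, ">": c > 0, ">=": c >= 0, "==": c == 0}
        if not ok[m.group(1)]:
            return False
    return True

def audit(db, installed):
    """Return sorted (package, version, advisory id) hits; no network access."""
    hits = []
    for name, version in installed.items():
        # Assumption: database keys are lower-case package names.
        for adv in db.get(name.lower(), []):
            if any(spec_matches(s, parse_version(version)) for s in adv["specs"]):
                hits.append((name, version, adv["id"]))
    return sorted(hits)
```
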
