PyUp’s dataset is public, and the insecure_full document posted earlier in thread is 344 kb, so yeah, it is totally possible.
https://github.com/pyupio/safety-db/blob/master/data/insecure_full.json <https://github.com/pyupio/safety-db/blob/master/data/insecure_full.json> > On 12/2, 2019, at 17:05, Joni Orponen <j.orpo...@4teamwork.ch> wrote: > > On Tue, Feb 12, 2019 at 5:24 AM Tzu-ping Chung <uranu...@gmail.com > <mailto:uranu...@gmail.com>> wrote: > One way to avoid disclosing user environments to a third party is to build > this into PyPI instead. The API could generate the warning for pip to > display. > > How large are these kinds of databases? Would it be a conceivable thought end > users and/or CI infrastructures of organisations keep and update their local > copies and thus only disclose the fact they're using such a database? > > -- Joni Orponen > -- > Distutils-SIG mailing list -- distutils-sig@python.org > To unsubscribe send an email to distutils-sig-le...@python.org > https://mail.python.org/mailman3/lists/distutils-sig.python.org/ > Message archived at > https://mail.python.org/archives/list/distutils-sig@python.org/message/ERBNV6DJ5MTXF5KOHXZDABPQAEUJELMF/
-- Distutils-SIG mailing list -- distutils-sig@python.org To unsubscribe send an email to distutils-sig-le...@python.org https://mail.python.org/mailman3/lists/distutils-sig.python.org/ Message archived at https://mail.python.org/archives/list/distutils-sig@python.org/message/SQDHTUVE43XACR3AKT3VMGGFWW5JNV4B/