I gather from outside sources that some projects have been removed from PyPI because they were malicious (libpesh for example).
I have a bandersnatch mirror, and it appears to have mirrored the source. I'd like to ensure that such packages are not made available to my clients, but there doesn't appear to be a way to communicate removals/deletions/name bans. Can you double-check my example below?
>>> import xmlrpc.client
>>> import arrow
>>> client = xmlrpc.client.ServerProxy("https://test.pypi.org/pypi")
>>> yd = arrow.get("2019-07-01 00:00:00")
>>> recentchanges = client.changelog(yd.timestamp)
>>> len(recentchanges)
18389
>>> for entry in recentchanges:
...     if "pesh" in entry[0]:
...         print(entry)
...
>>> "pesh" in str(recentchanges)
False
Describe the solution you'd like
I would be happy with a flat file of names that are gone. In addition, recording these administrative removals for transparency/timestamping in the changelog would also be good.
Additional context
This is perhaps related to the efforts in #5863?
@cooperlees for context
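How a mirror operator could consume the flat file of removed names requested above, as an added example that is not part of the original issue or of any project's code. It assumes a hypothetical file format (one project name per line, `#` for comments) and a mirror that keeps one directory per project under `web/simple/`; the sample tree and names are constructed.

```python
import re
import tempfile
from pathlib import Path


def normalize(name: str) -> str:
    """PEP 503 normalization: the form used for simple-index directory names."""
    return re.sub(r"[-_.]+", "-", name).lower()


def load_removed(path: Path) -> set[str]:
    """Read the assumed flat file: one project name per line, '#' starts a comment."""
    removed = set()
    for line in path.read_text(encoding="utf-8").splitlines():
        name = line.split("#", 1)[0].strip()
        if name:
            removed.add(normalize(name))
    return removed


def still_served(simple_dir: Path, removed: set[str]) -> list[str]:
    """Return mirrored project directories whose normalized name is on the removal list."""
    return sorted(
        p.name for p in simple_dir.iterdir()
        if p.is_dir() and normalize(p.name) in removed
    )


def demo() -> list[str]:
    """Build a constructed mirror tree and removal list, then run the check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        simple = root / "web" / "simple"  # assumed mirror layout
        for project in ("requests", "libpesh", "arrow"):  # constructed sample
            (simple / project).mkdir(parents=True)
            (simple / project / "index.html").write_text("<html></html>")
        removed_file = root / "removed.txt"  # hypothetical flat file
        removed_file.write_text(
            "# constructed list\nLibPesh\nsome_other.pkg  # not mirrored\n"
        )
        return still_served(simple, load_removed(removed_file))


if __name__ == "__main__":
    print(demo())
```

Names are compared after normalization on both sides, so a list entry such as `LibPesh` still matches the mirrored `libpesh` directory.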