In the process of identifying which removed projects are malicious, it's helpful to have more training data. This data comes from a long-running bandersnatch instance, and is prettyprinted, but provides a historical view with last upload dates between 2017-09-15 and 2020-02-16.
The only modification I have made is canonicalizing the filenames (you can get back the
original name from the .info.name
in the file).
This will eventually be merged with what's available in drd for a more complete view of what was previously on pypi.
Short answer: I chose CC0
Longer answer:
I am not a lawyer. This metadata was originally provided to aid distribution, and publicly available, but metadata isn't specifically called out as a use in the pypi ToU.
I am happy to exclude individual projects if you object via github issue here.