IDEA: a tool that will figure out who published a package by
- pypi self declared info
- linked repos
- author files, copyright claims
- domain owners of repo/home/docs domains
And then do this for your whole dependency graph to get a feel for
- What % is "no one home" - gone, dead, abandoned
- Anonymous publisher - no info at all. All dead end
- Person
- Company
Increasingly, Anonymous also means, "Government of North Korea, probably"
So do we want trustworthy reputation or anonymity?
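An added example, not the poster's code, of the first step of that idea: pull the self-declared and linked signals out of a package's PyPI JSON metadata and sort each dependency into the buckets listed above. It assumes a caller has already fetched `https://pypi.org/pypi/<name>/json`; the sample records, the staleness threshold and the corporate/personal-mail word lists are constructed assumptions, and the domain-ownership step is left as a WHOIS/RDAP query over the `own_domains` it returns.

```python
from datetime import datetime, timezone
from urllib.parse import urlparse

REPO_HOSTS = {"github.com", "gitlab.com", "codeberg.org", "bitbucket.org"}
PERSONAL_MAIL = {"gmail.com", "protonmail.com", "proton.me", "outlook.com", "hotmail.com"}
CORP_WORDS = {"inc", "llc", "ltd", "gmbh", "corp", "foundation", "team", "labs"}  # assumed heuristic list
def _mail_domain(addr: str) -> str:
    # accepts 'Name <a@b.test>' or 'a@b.test'; returns '' when no address is present
    addr = addr.split("<", 1)[1].split(">", 1)[0] if "<" in addr else addr
    return addr.rsplit("@", 1)[-1].strip().lower() if "@" in addr else ""
def publisher_signals(info: dict) -> dict:
    """Self-declared names, linked repos and look-up-able domains from a PyPI `info` dict."""
    urls = [info.get("home_page") or "", *(info.get("project_urls") or {}).values()]
    domains = {urlparse(u).netloc.lower().removeprefix("www.") for u in urls if u}
    mails = [info.get("author_email") or "", info.get("maintainer_email") or ""]
    return {
        "names": [n for n in (info.get("author"), info.get("maintainer")) if n],
        "repos": sorted(d for d in domains if d in REPO_HOSTS),
        "own_domains": sorted(d for d in domains if d and d not in REPO_HOSTS),  # WHOIS/RDAP candidates
        "mail_domains": sorted({_mail_domain(m) for m in mails} - {""}),
    }

def classify(pkg: dict, now: datetime, stale_years: int = 3) -> str:
    """Map a package to one of the post's buckets; the threshold and word lists are assumptions."""
    uploads = [f["upload_time_iso_8601"] for files in pkg["releases"].values() for f in files]
    if uploads:
        newest = max(datetime.fromisoformat(t.replace("Z", "+00:00")) for t in uploads)
        if (now - newest).days > 365 * stale_years:
            return "no one home"  # gone, dead, abandoned
    s = publisher_signals(pkg["info"])
    if not any(s.values()):
        return "anonymous"  # no info at all, every lead is a dead end
    words = {w for n in s["names"] for w in n.lower().replace(".", " ").replace(",", " ").split()}
    corporate_mail = any(d not in PERSONAL_MAIL for d in s["mail_domains"])
    return "company" if words & CORP_WORDS or corporate_mail else "person"

def dependency_census(packages: dict, now: datetime) -> dict:
    """Percentage of each bucket across a dependency graph, as the post proposes."""
    buckets = [classify(p, now) for p in packages.values()]
    return {b: round(100 * buckets.count(b) / len(buckets), 1) for b in sorted(set(buckets))}
# Constructed records shaped like the PyPI JSON API (`info` + `releases`); not real packages.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLES = {
    "corp-pkg": {"info": {"author": "Example Labs Inc.", "author_email": "oss@example-labs.test",
                          "project_urls": {"Homepage": "https://example-labs.test", "Source": "https://github.com/example-labs/pkg"}},
                 "releases": {"1.2.0": [{"upload_time_iso_8601": "2024-03-10T09:00:00.000000Z"}]}},
    "ghost-pkg": {"info": {"author": "", "author_email": "", "home_page": "", "project_urls": None},
                  "releases": {"0.1": [{"upload_time_iso_8601": "2016-01-02T00:00:00.000000Z"}]}},
    "mystery-pkg": {"info": {"author": None, "author_email": None, "project_urls": {}},
                    "releases": {"2.0": [{"upload_time_iso_8601": "2024-05-20T00:00:00.000000Z"}]}},
}
```

Running `dependency_census(SAMPLES, NOW)` gives the per-bucket percentages for the sample graph; swap in real fetched records to census a project's own dependency tree.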
Self-replies
Last time I worked on this I was thinking about how to contact package owners to ask them to add a wheel and that led to the policy for doing namespace takeovers, which involves doing a "skip search"/trace for the missing author (searching for them on social media, email them, etc).