Closed ayushjain01 closed 4 months ago
coveralls
commented
5 months ago | Totals | |
|---|---|
| Change from base Build 9365485947: | 0.0% |
| Covered Lines: | 532 |
| Relevant Lines: | 576 |
ixmatus
commented
4 months ago A colleague of this person tried to open this exact PR against a project I'm the maintainer for as well (https://github.com/ixmatus/inflector/pull/16). This is a promotional campaign and they (or colleagues) appear to be doing it on reddit too, I think this is suspicious activity. They are creating an external dependency on a web property that (as far as I can tell) is not officially blessed by pypi. I recommend rejecting this PR.
Users can get package statistics from libraries.io which is linked to directly by pypi itself.
agronholm
commented
4 months ago I was going to reject the PR, but I don't know why you feel that it's suspicious. This looks like a better alternative to pypistats.org. I don't know why the name has "pip" in it, as it has nothing per se to do with the service the statistics are from.
ixmatus
commented
4 months ago I wrote a long comment but it got lost on a refresh.
Another project determined the counts were incorrect.
I’m generally suspicious of promotional campaigns that use oss projects as vector. It’s disingenuous (abuses the trust of oss) and this activity looks like SEO link juicing to me.
I also work in security and a more nefarious interpretation is that this was a low grade social engineering attack with an attempt at getting the “Contributor” label applied to their user name on your project. That’s probably more paranoid than anything, though.
ayushjain01
commented
4 months ago I was going to reject the PR, but I don't know why you feel that it's suspicious. This looks like a better alternative to pypistats.org. I don't know why the name has "pip" in it, as it has nothing per se to do with the service the statistics are from.
Thank you, @agronholm, for trusting and acknowledging the potential value of our badge system. If the inclusion of "pip" in the name is misleading, we are open to suggestions for a more appropriate name that accurately reflects the service. We just display trends related to python packages and hence thought pip trends would be a good name.
@ixmatus, I appreciate your concerns and the opportunity to clarify our intentions. This is not an attempt at SEO link juicing or any form of promotional campaign. Our primary goal is to offer an alternative that provides accurate and useful statistics for the community.
Added a badge displaying the monthly download count from pip Trends. You can view more details at - https://piptrends.com/package/exceptiongroup
(If necessary, the link from the badge to the package's pip Trends page can be removed. We just want to showcase a badge we have created.)