(Suspicious) dependency on cli-tracker: Is this really needed? #699

Open
kastl-ars opened this issue Oct 4, 2024 · 3 comments

@kastl-ars

Hi all,

I found Gefyra today and found it an interesting concept. I tried to package it for openSUSE to try it out.

One thing I found was that the CLI dependency on cli-tracker is fishy. Or rather, I cannot find a source for this other than PyPI, which is unusual and made me suspicious. PyPI has seen a lot of malware lately, so better safe than sorry.

So I wanted to ask if this dependency is necessary. Do you have more information on it?

Thanks in advance,
Johannes

@SteinRobert
Contributor

SteinRobert commented Oct 7, 2024

Hey @kastl-ars - we added the tracker - it's written by the Gefyra maintainers.
The GitHub repository is here:
https://github.com/unikubehq/cli_tracker

The Gefyra project was born out of Unikube, a couple of years ago, that's why it is in another organization. On that note I might just move it over in the next couple of days.

The tracker collects general usage information about the Gefyra CLI so we can make better decisions about which errors to look into and which things to push further. If one does opt out, nothing is sent.
The information is collected and stored on sentry.io.

I'm sorry for the confusion, hoping this resolves your worries and answers your questions.

@kastl-ars
Author

kastl-ars commented Oct 8, 2024

Thanks for the reply and the information. That helps (and eases my mind).

Would it be possible to add more information to the PyPI entry for the tracker? Link to the repository, license, etc.?

Kind Regards
Johannes

@SteinRobert
Contributor

Sure thing. I'll look into this and will keep you posted. The repo has already been moved to the Gefyra organization.
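
The gap raised in this thread (a PyPI dependency whose entry shows no source repository or license) is something a packager can check mechanically. The following is an added example, not code from Gefyra or cli-tracker: it audits the `info` object returned by PyPI's JSON API (`https://pypi.org/pypi/<name>/json`). The function names, the `CODE_HOSTS` allow-list and both sample records are constructed assumptions.

```python
"""Flag PyPI metadata that gives a packager nothing to verify provenance with."""
from urllib.parse import urlparse

# Hosts where source can be inspected (assumption: adjust to your own policy).
CODE_HOSTS = {"github.com", "gitlab.com", "codeberg.org", "bitbucket.org", "sr.ht"}


def source_urls(info):
    """Collect URLs from the JSON API `info` object that point into a code host."""
    candidates = [info.get("home_page") or ""]
    candidates += list((info.get("project_urls") or {}).values())
    found = []
    for url in candidates:
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        host = host[4:] if host.startswith("www.") else host
        # A bare host such as https://github.com/ names no repository.
        if host in CODE_HOSTS and parsed.path.strip("/"):
            found.append(url)
    return found


def has_license(info):
    """True if a license is declared as free text or as a trove classifier."""
    if (info.get("license") or "").strip():
        return True
    return any(c.startswith("License ::") for c in info.get("classifiers") or [])


def audit(info):
    """Return the provenance gaps a reviewer should resolve before packaging."""
    gaps = []
    if not source_urls(info):
        gaps.append("no source repository URL")
    if not has_license(info):
        gaps.append("no license declared")
    if not (info.get("author") or info.get("author_email") or info.get("maintainer")):
        gaps.append("no author or maintainer")
    return gaps


# Constructed sample metadata (not the real PyPI record of any package).
BARE = {"name": "example-tracker", "home_page": "", "project_urls": None,
        "license": None, "classifiers": [], "author": "Example Dev"}
DOCUMENTED = {"name": "example-tracker", "home_page": None,
              "project_urls": {"Source": "https://github.com/example-org/example-tracker"},
              "license": "", "classifiers": ["License :: OSI Approved :: Apache Software License"],
              "author_email": "dev@example.org"}

if __name__ == "__main__":
    for sample in (BARE, DOCUMENTED):
        print(sample["name"], audit(sample) or "ok")
```

A clean result only means the metadata is present; the linked repository still has to be compared against the published sdist or wheel.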
