Greylist checking is conceptually similar to a whitelist with a bit less trust.
Essentially, if scanned packages have flagged on rules, that gets stored to our database.
In the future, if a new release of the flagged product comes out and it flags on all of the same rules (no more, no less), then it is extremely likely that the package has not become malicious. In this case the package is treated as safe. However, if the flagged rules have changed, then the package warrants further scrutiny and so we should continue flagging those instances.
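The comparison described in this issue, written out as an added example (not the project's code). The SQLite schema, function names, verdict strings, and the package and rule names are all assumptions made for illustration; recording a baseline is treated as a separate, deliberate step.

```python
import sqlite3

# Hypothetical schema: one row per (package, rule) from the stored scan.
SCHEMA = ("CREATE TABLE IF NOT EXISTS greylist "
          "(package TEXT, rule TEXT, PRIMARY KEY (package, rule))")

def open_store(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    return conn

def stored_rules(conn, package):
    rows = conn.execute("SELECT rule FROM greylist WHERE package = ?", (package,))
    return {rule for (rule,) in rows}

def record_baseline(conn, package, rules):
    """Replace the stored rule set for a package."""
    with conn:
        conn.execute("DELETE FROM greylist WHERE package = ?", (package,))
        conn.executemany("INSERT INTO greylist (package, rule) VALUES (?, ?)",
                         [(package, r) for r in set(rules)])

def check_release(conn, package, flagged_rules):
    """Return (verdict, added_rules, removed_rules) for a newly scanned release."""
    current = set(flagged_rules)  # order and duplicates must not matter
    if not current:
        return ("clean", set(), set())       # assumption: no matches, nothing to compare
    baseline = stored_rules(conn, package)
    if not baseline:
        return ("flag", current, set())      # no stored scan yet: flag as usual
    if current == baseline:
        return ("greylisted", set(), set())  # same rules, no more, no less
    # Any difference flags, including a rule that stopped matching.
    return ("flag", current - baseline, baseline - current)

def demo():
    conn = open_store()
    # Constructed sample data: package and rule names are made up.
    record_baseline(conn, "example-pkg", ["obfuscated_exec", "network_on_import"])
    return [
        check_release(conn, "example-pkg", ["network_on_import", "obfuscated_exec"]),
        check_release(conn, "example-pkg",
                      ["obfuscated_exec", "network_on_import", "reads_ssh_keys"]),
        check_release(conn, "example-pkg", ["obfuscated_exec"]),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Returning the added and removed rules alongside the verdict lets a reviewer see what changed between releases rather than only that something did.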
Some clarification on the scope of this PR: the graylist should make it so that the package never shows up on the feed at all, rather than just block users from reporting it. This isn't currently possible with our code architecture, so we'll need #95 to be completed first before implementing this.