I don’t understand how the information requested is relevant at all for any purpose. Most users of pypi merely download through pip; they arent registering anything. Furthermore, I would think a bad actor who would register would spoof their ip and use burner accounts anyhow.
Correlating IP address use to something else happening at the same time? Like a malware author being incredibly dumb and using their home IP to upload PyPy packages, while IDK, using that same IP as a C&C server endpoint.
They may not even need to have slipped up and direct-connected via their home IP. The FBI has sufficiently compromised subsets of Tor in the past to do correlative attacks on specific targets.
Presumably the 5 users in question were interesting in some way, not just random.
> I would think a bad actor who would register would spoof their ip and use burner accounts anyhow
Maybe, but they could find that out with the information. If there's a 10% chance each was sloppy or un-paranoid, there's a 40% chance they get at least one piece of real info.
The person might not have thought they were doing anything wrong. Some judge might have greenlit this for a piracy case against the five maintainaers of youtube_dl{c} or something silly.
