they have five usernames... that can narrow down what projects they were associated with pretty quickly to infer if there was something nefarious about them. though it could be entirely unrelated to their activity on pypi and be a trawl for leads based on username similarity from some other messageboard or activity that was used for illegality. though, thinking about it more, that seems legally dubious a reason to be able to get a subpoena issued for. ianal
They only wrote that they weren't told what it was about. However it might be obvious from the packages uploaded by those users (e.g. if they uploaded malware).
There's a wide gulf between concrete knowledge and belief.
I see an ambulance going lights-and-sirens behind me. I don't know they're on their way to or from a hospital, but I pull over because I have reason to believe they are.
Weird analogy. An ambulance has a very narrow scope of responsibility. Legal processes have a very wide scope. Clearly this is related to a legal matter and not an immediate medical matter. But the nature of the legal matter could be a very wide variety of things, ranging from lower court civil proceedings up to treason, etc.
