Le 28/06/2022 à 12:59, J. Pic a écrit :
Hi
Currently we can upload signed packages on pypi.
Shouldn't pip have a keyring of thrusted projects or developers and
enforce whitelisting of untrusted packages, either through a
requirement flag or through an interactive question in CLI?
I think this would help with user security if we want to keep pypi
open for upload to all on the long term.
Thanks for your feedback
Shouldn't this be raised on the Pip tracker or on
https://discuss.python.org/c/packaging? I thought this mailing list was
for the Python language itself.
_______________________________________________
Python-ideas mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at
https://mail.python.org/archives/list/[email protected]/message/RVZJQQ4N5ZRV4BLAF3JV7LDASUGZWG2J/
Code of Conduct: http://python.org/psf/codeofconduct/
