On 28/06/2022 at 12:59, J. Pic wrote:
Hi
Currently we can upload signed packages on pypi.
Shouldn't pip have a keyring of trusted projects or developers and
enforce whitelisting of untrusted packages, either through a
requirement flag or through an interactive question in the CLI?
I think this would help with user security if we want to keep pypi
open for upload to all in the long term.
Thanks for your feedback
Shouldn't this be raised on the Pip tracker or on
https://discuss.python.org/c/packaging? I thought this mailing list was
for the Python language itself.
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at
https://mail.python.org/archives/list/python-ideas@python.org/message/RVZJQQ4N5ZRV4BLAF3JV7LDASUGZWG2J/
Code of Conduct: http://python.org/psf/codeofconduct/
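The trusted-project whitelist that the quoted message proposes does not exist in pip, but a client-side approximation can be built today on pip's hash-checking mode (`--require-hashes`), which pins every requirement to a reviewed artifact digest. What follows is an added example, not code from pip, PyPI, or anyone in this thread: it parses a requirements file, consults a hypothetical local trust store of project names and reviewed sha256 digests (constructed data), and denies anything unpinned, unhashed, or not in the store unless the caller explicitly allows the untrusted project, which stands in for the proposed requirement flag or interactive prompt. The names `TRUSTED_ARTIFACTS` and `SAMPLE_REQUIREMENTS`, and every digest in them, are made up for the example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Hypothetical local trust store: normalised project name -> sha256 digests of
# artifacts a maintainer has reviewed. Constructed sample data, not real PyPI values.
TRUSTED_ARTIFACTS: dict[str, set[str]] = {
    "requests": {"a" * 64},
    "urllib3": {"b" * 64},
}

# Constructed requirements file in pip's hash-pinned format (placeholder digests).
SAMPLE_REQUIREMENTS = "\n".join([
    "# constructed sample; digests are placeholders, not real PyPI hashes",
    "--index-url https://pypi.org/simple",
    "requests==2.31.0 \\",                        # backslash continuation, as pip allows
    "    --hash=sha256:" + "a" * 64,
    "urllib3==2.0.7 --hash=sha256:" + "c" * 64,  # trusted project, unreviewed digest
    "urllib3==2.0.7",                            # trusted project, no hash at all
    "leftpad==1.0.0 --hash=sha256:" + "d" * 64,  # project not in the trust store
    "flask>=2.0 --hash=sha256:" + "e" * 64,      # not pinned to one version
])

REQ_LINE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*"
    r"(?P<spec>(==|>=|<=|~=|!=|<|>)[^\s;]+)?"
)
HASH_OPT = re.compile(r"--hash=(?P<alg>[a-z0-9]+):(?P<digest>[0-9a-fA-F]+)")


@dataclass
class Requirement:
    name: str         # PEP 503 normalised project name
    spec: str         # e.g. "==2.31.0"; "" when no specifier was given
    hashes: set[str]  # sha256 digests supplied via --hash
    line: str         # the logical line the requirement came from


@dataclass
class Decision:
    name: str
    allowed: bool
    reason: str


def normalize(name: str) -> str:
    """PEP 503 normalisation so 'Left_Pad' and 'left-pad' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> list[Requirement]:
    """Parse a requirements file: join '\\' continuations, drop comments and pip options."""
    logical, buf = [], ""
    for raw in text.splitlines():
        stripped = raw.strip()
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "
            continue
        logical.append(buf + stripped)
        buf = ""
    if buf:
        logical.append(buf)
    reqs = []
    for line in logical:
        line = re.split(r"(?:^|\s)#", line, maxsplit=1)[0].strip()  # strip comments
        if not line or line.startswith("-"):
            continue  # blank line, or an option such as --index-url / -r other.txt
        m = REQ_LINE.match(line)
        if not m:
            raise ValueError(f"cannot parse requirement: {line!r}")
        hashes = {h.group("digest").lower() for h in HASH_OPT.finditer(line)
                  if h.group("alg") == "sha256"}
        reqs.append(Requirement(normalize(m.group("name")), m.group("spec") or "", hashes, line))
    return reqs


def evaluate(reqs: list[Requirement], trusted: dict[str, set[str]] = TRUSTED_ARTIFACTS,
             allow_untrusted: frozenset[str] | set[str] = frozenset()) -> list[Decision]:
    """Apply the policy. Every listed digest must be in the store, because pip accepts
    any one of the --hash values, so one attacker-supplied digest next to a good
    one would otherwise slip through."""
    allow_untrusted = {normalize(n) for n in allow_untrusted}
    out = []
    for r in reqs:
        if not r.spec.startswith("=="):
            out.append(Decision(r.name, False, f"not pinned with == (spec {r.spec!r})"))
        elif not r.hashes:
            out.append(Decision(r.name, False, "no --hash=sha256: given; artifact cannot be checked"))
        elif r.name in trusted:
            if r.hashes <= trusted[r.name]:
                out.append(Decision(r.name, True, "trusted project, every digest in trust store"))
            else:
                out.append(Decision(r.name, False, "trusted project but a digest is not in trust store"))
        elif r.name in allow_untrusted:
            out.append(Decision(r.name, True, "untrusted project explicitly allowed"))
        else:
            out.append(Decision(r.name, False, "project not in trust store; pass allow_untrusted to override"))
    return out


def check_requirements(text: str, trusted: dict[str, set[str]] = TRUSTED_ARTIFACTS,
                       allow_untrusted: frozenset[str] | set[str] = frozenset()):
    """Return (all_allowed, decisions) for the text of a requirements file."""
    decisions = evaluate(parse_requirements(text), trusted, allow_untrusted)
    return all(d.allowed for d in decisions), decisions


if __name__ == "__main__":
    ok, decisions = check_requirements(SAMPLE_REQUIREMENTS)
    for d in decisions:
        print(f"{'ALLOW' if d.allowed else 'DENY ':5} {d.name:<10} {d.reason}")
    print("install would proceed" if ok else "install blocked")
```

Running the module denies four of the five sample requirements and blocks the install; passing `allow_untrusted={"leftpad"}` to `check_requirements` is the equivalent of the opt-in flag the message asks for. The subset check in `evaluate` is deliberate: a requirements line may carry several `--hash` values (one per wheel or sdist) and pip installs whichever artifact matches any of them, so a policy that accepts a line as soon as one digest is known would let an extra unreviewed digest ride along.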