Le 28/06/2022 à 12:59, J. Pic a écrit :
Hi
Currently we can upload signed packages on pypi.
Shouldn't pip have a keyring of thrusted projects or developers and
enforce whitelisting of untrusted packages, either through a
requirement flag or through an interactive question in CLI?
I think
On Tue, 28 Jun 2022 at 21:02, J. Pic wrote:
>
> Hi
>
> Currently we can upload signed packages on pypi.
>
> Shouldn't pip have a keyring of thrusted projects or developers and enforce
> whitelisting of untrusted packages, either through a requirement flag or
> through an interactive question in
