Sorry Python but it is what it is.

  • @[email protected]
    link
    fedilink
    English
    231 year ago

    Maybe I’m misremembering, but didn’t pip have it’s own security concerns earlier this year?

    • @_stranger_
      link
      61 year ago

      I believe that was just name squatting.

      • @fragment
        link
        61 year ago

        It’s less the name squatting and more pip not supporting a certain PyPI resolution order: https://github.com/pypa/pip/issues/8606

        For example, I have A, B and C in my requirements.txt but I want to install C from my own private PyPI. Everything works fine until someone uploads a package name C to the public PyPI then suddenly I’m not installing my private package anymore.

        • @_stranger_
          link
          21 year ago

          Yeah, I remember now. the name squatting was from people putting malicious packages under misspelled names of well known packages, like “requets” instead of requests.