I requested this kind of thing from the pip folks as https://github.com/pypa/pip/issues/11644 and others have requested similar, such as https://github.com/pypa/pip/issues/11607
On Sun, 12 Feb 2023 at 04:56, Philippe Cerfon <philc...@gmail.com> wrote: > > Hey. > > I hope this is not too off topic. > > As far as I understand, dh-python, when building packages somehow > automatically uses the Debian package names and even prevents e.g. > setuptools from downloading any dependencies by setting a (hopefully > not running) proxy. > > > I wondered whether it's possible to make tools like pip and setuptools > directly use the Debian python packages when resolving dependencies. > > The main motivation are security constraints, so I had to configure > pip so that it cannot just download packages from PyPI (which is > rather easy, simply setting no-index in pip.conf). > > But then of course it also fails to e.g. do an editable install of a > locally developed package, when it tries to resolve the dependencies. > > So I wondered whether it's possible to prevent pip from downloading > any remote stuff, while still resolving dependencies (respectively > consider them as being resolved) *if* the package is locally installed > from the Debian archive? > (If a dependency isn't installed from a package it may of course fail.) > > > Thanks, > Philippe. > > PS: Please keep me CCed. >