On Sun, Feb 12, 2023 at 9:05 AM Ian Norton <inor...@gmail.com> wrote: > I requested this kind of thing from the pip folks as > https://github.com/pypa/pip/issues/11644 and others have requested > similar, such as https://github.com/pypa/pip/issues/11607
While they wrote it would be discussed, it doesn't really seem as if they would care too much or as if anything would have happened since then? :-( I cannot really comment too much about the rest you wrote, as I'm not really a Python or Debian packaging expert. What I'd like to have is "simply" ;-) to prevent installation of any remote code (as pip and similar tools, also for other languages, do) and still use them as far as I have the packages from Debian installed. So for example, even if the pyproject.toml would specify some version of a dependency that is not in Debian, it should rather fail than downloading anything from somewhere. Regards, Philippe