Dne 08. 03. 21 v 18:33 Mattia Verga via devel napsal(a):
In what way is different from installing them by pip? Does packaging them worth spending resources (disk space, Koji cycles) and packagers time?
1. You know from where the package comes. Verified using GPG checks. Helps to avoid Dependency Confusions attacks https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 2. You can audit files on your disk using rpm -qf /some/file Nothing stops you to create these packages automatically using `pyp2rpm`. -- Miroslav Suchy, RHCA Red Hat, Associate Manager, Community Packaging Tools, #brno, #fedora-buildsys _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
