On Monday, September 18, 2017 at 9:38:30 PM UTC+2, Nils Bruin wrote:
>
> In reality this is increasingly not the case anymore: sage pulls in 
> packages from "Pypi" when installing
>

A normal install (i.e. running "make") does not pull packages from pypi. 
Obviously we don't have the resources to security audit every dependency, 
but at least you can be assured that you are installing the same packages 
as when the release was made.

But once sage is built you can of course use pip to install additional 
third-party packages from pypi. 
