Le 28/06/2022 à 12:59, J. Pic a écrit :
Hi
Currently we can upload signed packages on pypi.
Shouldn't pip have a keyring of thrusted projects or developers and
enforce whitelisting of untrusted packages, either through a
requirement flag or through an interactive question in CLI?
I think
Could the type hint for the __init__ parameter be inferred from the
(proposed) init_fn's own parameter type hint itself?
On Tue, 2022-06-28 at 16:39 +, Steve Jorgensen wrote:
> Dexter Hill wrote:
> > Ah right I see what you mean. In my example I avoided the use of
> > `__init__` and specifical
Dexter Hill wrote:
> Ah right I see what you mean. In my example I avoided the use of `__init__`
> and specifically `__post_init__` as (and it's probably a fairly uncommon use
> case), in my actual project, `__post_init__` is defined on a base class, and
> inherited by all other classes, and I w
Ah right I see what you mean. In my example I avoided the use of `__init__` and
specifically `__post_init__` as (and it's probably a fairly uncommon use case),
in my actual project, `__post_init__` is defined on a base class, and inherited
by all other classes, and I wanted to avoid overriding `
On Tue, 28 Jun 2022 at 21:02, J. Pic wrote:
>
> Hi
>
> Currently we can upload signed packages on pypi.
>
> Shouldn't pip have a keyring of thrusted projects or developers and enforce
> whitelisting of untrusted packages, either through a requirement flag or
> through an interactive question in
Hi
Currently we can upload signed packages on pypi.
Shouldn't pip have a keyring of thrusted projects or developers and enforce
whitelisting of untrusted packages, either through a requirement flag or
through an interactive question in CLI?
I think this would help with user security if we want t
