Chris Angelico writes:
> Part of the desired protection is the prevention of typosquatting.
> That means there has to be something that you can point pip to and
> say "install this package", and it's unable to install any
> non-curated package.
I think that the goalposts are walking though.
On Wed, 5 Jul 2023 at 17:12, Stephen J. Turnbull
wrote:
> > 4) A self contained repository of packages that you could point
> > pip to -- it would contain only the packages that had met some
> > sort of "vetting" criteria. In theory, anyone could run it, but
> > a stamp of approva