by grincho 1780 days ago
Yes, this is why I implemented hash-checking in pip (https://pip.pypa.io/en/stable/topics/repeatable-installs/#ha...). Running your own server is certainly another way to solve the problem (and lets you work offline), but keeping the pinning info in version control gives you a built-in audit trail, code reviews, and one fewer server to maintain.
1 comments
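As an added illustration that is neither pip's own code nor the commenter's, this reproduces the shape of a hash-pinned requirements.txt line (what `pip hash <file>` prints for you to paste in) and the check pip's `--require-hashes` mode performs, run locally over a constructed stand-in artifact; `pin_line`, `verify_line` and `demo` are names chosen here, not pip APIs.

```python
"""Hash-pinned requirements: generate a pin and verify an artifact against it,
mirroring the check pip performs in --require-hashes mode (illustrative reimplementation)."""
import hashlib
import os
import re
import tempfile

# One requirement line: name==version --hash=sha256:<hex> [--hash=... more digests]
_REQ_RE = re.compile(r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>\S+)")
_HASH_RE = re.compile(r"--hash=(?P<alg>[a-z0-9]+):(?P<digest>[0-9a-f]+)")


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def pin_line(name: str, version: str, artifact_path: str) -> str:
    """Build the requirements.txt line that pins this exact artifact by digest."""
    return f"{name}=={version} --hash=sha256:{sha256_file(artifact_path)}"


def verify_line(line: str, artifact_path: str) -> bool:
    """True only if the artifact matches one pinned sha256 digest.
    As with --require-hashes, a line carrying no --hash at all is rejected outright."""
    if not _REQ_RE.match(line):
        return False
    pinned = [(m.group("alg"), m.group("digest")) for m in _HASH_RE.finditer(line)]
    if not pinned:
        return False
    actual = sha256_file(artifact_path)
    return any(alg == "sha256" and digest == actual for alg, digest in pinned)


def demo() -> dict:
    """Constructed artifacts: a stand-in wheel and a copy whose content differs."""
    tmp = tempfile.mkdtemp()
    good = os.path.join(tmp, "example_pkg-1.0-py3-none-any.whl")
    tampered = os.path.join(tmp, "tampered.whl")
    with open(good, "wb") as fh:
        fh.write(b"PK\x03\x04 constructed wheel bytes for example_pkg 1.0")
    with open(tampered, "wb") as fh:
        fh.write(b"PK\x03\x04 constructed wheel bytes for example_pkg 1.0 + extra")
    line = pin_line("example_pkg", "1.0", good)
    return {
        "line": line,
        "good": verify_line(line, good),          # True: digest matches
        "tampered": verify_line(line, tampered),  # False: content changed
        "unpinned": verify_line("example_pkg==1.0", good),  # False: no --hash given
    }


if __name__ == "__main__":
    print(demo())
```

Committing the pinned lines to version control is what gives the audit trail and review step the comment describes; the digest check is what makes a substituted artifact fail to install.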

Doesn't Poetry do this by default in its lockfile too?
There is an active PEP[0] for defining lockfiles.

0: https://www.python.org/dev/peps/pep-0665/