by aflukasz
1214 days ago
Slightly tangential, but... one also does not simply `pip download` if one does not want to execute code - https://github.com/pypa/pip/issues/1884. I wanted to run guarddog on source packages. Only then build them locally and install. Turns out, `pip download` triggers code execution in fetched packages. Somewhat surprising and in this day and age worth spreading awareness of.
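Added example, not part of the original comment and not code from pip or guarddog: one way to obtain a source distribution as inert bytes for static scanning is to read the file list from the PyPI JSON API and download the sdist directly, checking it against the index's SHA-256 digest, so that no build backend or `setup.py` is invoked. The function names and the sample release data are constructed for illustration.

```python
import hashlib
import json
import urllib.request

# Constructed sample in the shape of https://pypi.org/pypi/<name>/<version>/json.
# The package name, URLs and payload are made up for this example.
SAMPLE_PAYLOAD = b"constructed sdist bytes"
SAMPLE_RELEASE = {
    "urls": [
        {"packagetype": "bdist_wheel", "filename": "demo-1.0-py3-none-any.whl",
         "url": "https://files.example.invalid/demo-1.0-py3-none-any.whl",
         "digests": {"sha256": "00" * 32}},
        {"packagetype": "sdist", "filename": "demo-1.0.tar.gz",
         "url": "https://files.example.invalid/demo-1.0.tar.gz",
         "digests": {"sha256": hashlib.sha256(SAMPLE_PAYLOAD).hexdigest()}},
    ]
}


def pick_sdist(release):
    """Return (filename, url, sha256) of the release's source distribution."""
    sdists = [f for f in release.get("urls", []) if f.get("packagetype") == "sdist"]
    if len(sdists) != 1:
        raise LookupError(f"expected exactly one sdist, found {len(sdists)}")
    entry = sdists[0]
    return entry["filename"], entry["url"], entry["digests"]["sha256"]


def verify(data, expected_sha256):
    """Compare the bytes to the index digest; the archive is never unpacked or built."""
    actual = hashlib.sha256(data).hexdigest()
    if actual != expected_sha256:
        raise ValueError(f"sha256 mismatch: {actual} != {expected_sha256}")
    return data


def fetch_sdist(name, version, opener=urllib.request.urlopen):
    """Download one sdist as raw bytes; nothing from the package is executed."""
    meta_url = f"https://pypi.org/pypi/{name}/{version}/json"
    with opener(meta_url) as resp:
        release = json.load(resp)
    filename, url, digest = pick_sdist(release)
    with opener(url) as resp:
        return filename, verify(resp.read(), digest)
```

The returned bytes can be written to a scratch directory and handed to a scanner; building and installing happen only after that review.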