Y
Hacker News
new
|
ask
|
show
|
jobs
by
aflukasz
1214 days ago
Also, it's 2023 - please do not suggest approaches that do not use package hash based pinning. For example, use pip-tools.
Hopefully, in 2024, we will be able to say same thing about signing via sigstore ecosystem.