|
|
|
|
|
|
by captn3m0
39 days ago
|
|
|
I've been collecting things you can't pin: - Python inline dependencies in PEP-0723, which you can pin with a==1.0, but can't be hash-pinned afaik. - The bin package manager lets you pin binaries, but they aren't hash-pinned either. - The pants build tool suggests vendoring a get-pants.sh script[0] but it downloads the latest. Even if you pass it a version, it doesn't do any checks on the version number and just installs it to ~/.local/bin [0]: https://github.com/pantsbuild/setup/blob/gh-pages/get-pants.... |
|
|