From 4b595275e316fa34292e414621445af88d0f2dc0 Mon Sep 17 00:00:00 2001 From: Brett Cannon Date: Mon, 17 Jan 2022 16:38:33 -0800 Subject: [PATCH] PEP 665: clarify that pip needs `--require-hashes` --- pep-0665.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pep-0665.rst b/pep-0665.rst index 87f9ca594..c1d3f1002 100644 --- a/pep-0665.rst +++ b/pep-0665.rst @@ -172,7 +172,9 @@ requirements files. Second, you must opt into specifying what files are acceptable to be installed by using the ``--hash`` argument for a specific dependency. This is also optional with pip-tools as it requires specifying the -``--generate-hashes`` CLI argument. +``--generate-hashes`` CLI argument. This requires ``--require-hashes`` +for pip to make sure no dependencies lack a hash to check. + Third, even when you control what files may be installed, it does not prevent other packages from being installed. If a dependency is not
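Review bot: In the added sentence "This requires ``--require-hashes`` for pip to make sure no dependencies lack a hash to check.", the word "This" has no clear antecedent. The sentence directly follows the one about pip-tools and ``--generate-hashes``, so it can be read as saying that pip-tools, or hash generation, requires the flag, whereas the subject line says the requirement is on pip. Naming the subject would remove the ambiguity, for example "pip must also be run with ``--require-hashes`` to make sure no dependencies lack a hash to check." The sentence would also be more useful if it said what happens without the flag, since the next paragraph ("Third, even when you control what files may be installed, ...") depends on the reader knowing whether a dependency with no hash is rejected or silently installed. The extra blank line added before "Third," looks intentional as a paragraph break, but it is worth confirming that it matches the spacing before the "Second," paragraph.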