PEP 665: clarify that pip needs `--require-hashes`
This commit is contained in:
parent
9c8b47c102
commit
4b595275e3
|
@ -172,7 +172,9 @@ requirements files.
|
||||||
Second, you must opt into specifying what files are acceptable to be
|
Second, you must opt into specifying what files are acceptable to be
|
||||||
installed by using the ``--hash`` argument for a specific dependency.
|
installed by using the ``--hash`` argument for a specific dependency.
|
||||||
This is also optional with pip-tools as it requires specifying the
|
This is also optional with pip-tools as it requires specifying the
|
||||||
``--generate-hashes`` CLI argument.
|
``--generate-hashes`` CLI argument. This requires ``--require-hashes``
|
||||||
|
for pip to make sure no dependencies lack a hash to check.
|
||||||
|
|
||||||
|
|
||||||
Third, even when you control what files may be installed, it does not
|
Third, even when you control what files may be installed, it does not
|
||||||
prevent other packages from being installed. If a dependency is not
|
prevent other packages from being installed. If a dependency is not
|
||||||
|
|
Loading…
Reference in New Issue