iSharkFly-Open
/
python-peps
mirror of https://github.com/python/peps.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

PEP 665: clarify that pip needs `--require-hashes`

This commit is contained in:
Brett Cannon 2022-01-17 16:38:33 -08:00
parent 9c8b47c102
commit 4b595275e3
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pep-0665.rst
View File

@ -172,7 +172,9 @@ requirements files.
Second, you must opt into specifying what files are acceptable to be Second, you must opt into specifying what files are acceptable to be
installed by using the ``--hash`` argument for a specific dependency. installed by using the ``--hash`` argument for a specific dependency.
This is also optional with pip-tools as it requires specifying the This is also optional with pip-tools as it requires specifying the
``--generate-hashes`` CLI argument. ``--generate-hashes`` CLI argument. This requires ``--require-hashes``
for pip to make sure no dependencies lack a hash to check.
Third, even when you control what files may be installed, it does not Third, even when you control what files may be installed, it does not
prevent other packages from being installed. If a dependency is not prevent other packages from being installed. If a dependency is not