iSharkFly-Open
/
python-peps
mirror of https://github.com/python/peps.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

PEP 665: clarify that pip needs `--require-hashes`

This commit is contained in:
Brett Cannon 2022-01-17 16:38:33 -08:00
parent 9c8b47c102
commit 4b595275e3
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pep-0665.rst
View File

@ -172,7 +172,9 @@ requirements files.
Second, you must opt into specifying what files are acceptable to be
installed by using the ``--hash`` argument for a specific dependency.
This is also optional with pip-tools as it requires specifying the
``--generate-hashes`` CLI argument.
``--generate-hashes`` CLI argument. This requires ``--require-hashes``
for pip to make sure no dependencies lack a hash to check.
Third, even when you control what files may be installed, it does not
prevent other packages from being installed. If a dependency is not