You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We added a new warning in #3239, and it turns out that the underlying problem is much more common than I expected. In Someone’s Been Messing With My Subnormals!, Brendan Dolan-Gavitt found 49 packages compiled with -Ofast (most notably gevent/gevent#1864), with around 2.5k dependents between them.
My first thought was to intersect that set of of 49 known-ever-bad packages with sys.modules. My second was that we could actually just check each of the imported packages (using a subprocess) directly, which would be trickier and more expensive but always up-to-date.
We added a new warning in #3239, and it turns out that the underlying problem is much more common than I expected. In Someone’s Been Messing With My Subnormals!, Brendan Dolan-Gavitt found 49 packages compiled with
-Ofast
(most notably gevent/gevent#1864), with around 2.5k dependents between them.My first thought was to intersect that set of of 49 known-ever-bad packages with
sys.modules
. My second was that we could actually just check each of the imported packages (using a subprocess) directly, which would be trickier and more expensive but always up-to-date.Whichever we go for, I'd add a note on a command like
pipdeptree -rp BTrees,gevent,quiskit-aer
to the error message so that users can tell why they're using a library that they might never have heard of.The text was updated successfully, but these errors were encountered: