You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm working on getting security packages to have the option of installing with only wheels (it's more secure that way), ref. Jake which means the whole dependency graph needs to have wheels
yaspin's dependency on termcolor (which has no wheels and has no maintainer, so it is hard for me to get a wheel in termcolor)
I did create a fork, termcolor-whl so you could switch to that or venderize termcolor.
Without something like that, people who depend on yaspin would have to vendorize to get around the problem.
The text was updated successfully, but these errors were encountered:
Thanks for pointing this out and detailed description for potential security issues 👍
I'll probably vendor termcolor, as it was before this commit: d19bbe7
I'm working on getting security packages to have the option of installing with only wheels (it's more secure that way), ref. Jake which means the whole dependency graph needs to have wheels
yaspin's dependency on termcolor (which has no wheels and has no maintainer, so it is hard for me to get a wheel in termcolor)
I did create a fork, termcolor-whl so you could switch to that or venderize termcolor.
Without something like that, people who depend on yaspin would have to vendorize to get around the problem.
The text was updated successfully, but these errors were encountered: