You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When using a remote distribution with pip-sync, e.g. theano @ https://github.com/Theano/Theano/archive/master.zip, we will accept any distribution that was installed from that url instead of checking that the installed distribution matches the remote distribution.
direct_url.json has a hashes key for remote distributions we can use to implement this correctly: When downloading a distribution, record its hash (sha256 probably) in the cache and check whether it matches the entry in direct_url.json. On each run (both pip-sync and pip-compile), check if the remote distribution changed and in that case, invalid the cached hash and fetch the metadata again (pip-compile) or reinstall (pip-sync)
The text was updated successfully, but these errors were encountered:
When using a remote distribution with pip-sync, e.g.
theano @ https://github.com/Theano/Theano/archive/master.zip
, we will accept any distribution that was installed from that url instead of checking that the installed distribution matches the remote distribution.direct_url.json
has ahashes
key for remote distributions we can use to implement this correctly: When downloading a distribution, record its hash (sha256 probably) in the cache and check whether it matches the entry indirect_url.json
. On each run (bothpip-sync
andpip-compile
), check if the remote distribution changed and in that case, invalid the cached hash and fetch the metadata again (pip-compile
) or reinstall (pip-sync
)The text was updated successfully, but these errors were encountered: