Quantcast
Channel: Planet Python
Viewing all articles
Browse latest Browse all 22462

ShiningPanda: Support for pip 8 Hash-Checking Mode

$
0
0

Since version 8.0 (released a week ago), pip can check downloaded package archives against local hashes to protect against remote tampering. To verify a package against one or more hashes, add the hashes at the end of your requirements.txt files:

FooProject==1.2 --hash:sha256=2cf24dba5fb0a30e26e83b2ac5b9e29e \
                --hash:sha256=486ea46224d1bb4fb680f34f7c9ad96a

Requires.io is now compatible with this feature, as you can see for instance on this project: mozilla/kuma.

A big thank to jezdez for notifying us of this new feature of pip!


Viewing all articles
Browse latest Browse all 22462

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>