Seth Michael Larson
Seth Michael Larson
Agreed, I don't have the privileges to make the edit though :)
@uranusjr Thanks for the review, just to double-check, I didn't add any new tests but because this is the new default behavior I figured this would be okay? Let me...
Thanks for your review and detailed thought process @pfmoore! I agree on your reasoning for not including this in 23.1. I had a few questions on how best to proceed:...
@pfmoore Hey Paul, I agree that trying to get this PR in in it's current state wouldn't be a good idea. Apologies for not getting back to you sooner on...
Created the new PR with the vendoring here: https://github.com/pypa/pip/pull/12107
@EmperorArthur There was a conflict during the upgrade from 0.8.0 to 0.9.0 that's unrelated to truststore's fitness (was caused by an inconsistency in the CPython certificate APIs in 3.13). It's...
Thanks for the reviews and all the assistance @uranusjr and @pfmoore! @davisagli and I are quite excited to see our work from two years ago land in pip :pray:
@pradyunsg Looks like the rebase has a passing test suite, ready to merge whenever :)
Thanks @woodruffw!! This is exciting to see. Wanted to clarify that today we'd be uploading an attestation about publish provenance per-artifact, but in the future we're likely to have build...
Thanks for the patience on this, I've taken a look now and have some thoughts: @miketheman is working on developing the infrastructure for the [Malicious Package Reporting API](https://github.com/pypi/warehouse/issues/14503) and much...