Seth Michael Larson

@nateprewitt Is greenlet only needed for the gunicorn worker? Could we drop that as well in httpbin in favor of some other worker type? Or some other WSGI implementation?

I agree with @ofek that ergonomics is the most important part here, requiring users add another action step means we will see delayed rollout of the feature compared to adding...

@woodruffw Just double checking long-term strategy, is the `attestations: true` setting only there because this is an experimental feature and the goal is that one day a new version of...

> That's true, although the error mode is slightly different here (people opted into trusted publishing by configuring it, which could then fail with a well defined error message, versus...

Thanks for opening this issue, here are some thoughts: > @miketheman: Adding LifecycleStatus was intended to be extended exactly as you're describing - so yay! Should whether a project is...

@hugovk Always good to have data, I've updated my proposal to match.

My concern is I'm not sure how we'd get that information automatically, it'd be a manual process for each advisory. Then we'd have to teach pip-audit how to parse ASTs...

> Do you think the code handling external package managers could live in a separate project? I definitely think so, and I intend to create this as a separate project...

Now that PEP 770 has been accepted I've created the initial draft pull request here: https://github.com/pypa/auditwheel/pull/577

Hey @joemarshall, nice to see you again! :) Happy to accept patches which makes urllib3 work better in those environments. If it's a big simplification (and based on your judgement)...