Sorry Python but it is what it is.
23 points
Maybe I’m misremembering, but didn’t pip have it’s own security concerns earlier this year?
6 points
6 points
It’s less the name squatting and more pip not supporting a certain PyPI resolution order: https://github.com/pypa/pip/issues/8606
For example, I have A, B and C in my requirements.txt but I want to install C from my own private PyPI. Everything works fine until someone uploads a package name C to the public PyPI then suddenly I’m not installing my private package anymore.
2 points