
My work as the Security Developer-in-Residence at the Python Software Foundation is sponsored by Alpha-Omega. Thanks to Alpha-Omega for supporting security in the Python ecosystem.

I published a blog post two months ago about how to hack relative dependency cooldowns into pip v26.0 with crontab. Now with pip v26.1 available, this hack is no longer required! Time to upgrade my pip and delete that cron job...

Now in pip v26.1 you can use uploaded-prior-to in your ~/.config/pip/pip.conf file or --uploaded-prior-to= as a CLI option with relative RFC 3339 duration values. pip supports setting days using “PND” where N is the number of days. For example, using the following as your ~/.config/pip/pip.conf file will only install packages that are at least 7 days old on the Python Package Index:

    [install]
    uploaded-prior-to = P7D

Because this setting is in your global pip config, it means that you won't have to remember to set the option when invoking pip install. Using a relative value also…
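To make the effect of a 7-day cooldown concrete, here is an added sketch (not pip's code and not from the original post) that turns a “PND” value into an absolute cutoff and filters a constructed release history. The package data, the fixed clock, the function names and the strict "before the cutoff" comparison are assumptions of this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Only the day form described above ("PND") is handled in this sketch.
_DAYS = re.compile(r"P(\d+)D")


def cutoff_from_duration(value, now):
    """Convert a relative 'PND' duration into an absolute upload-time cutoff."""
    match = _DAYS.fullmatch(value)
    if match is None:
        raise ValueError(f"unsupported duration: {value!r}")
    return now - timedelta(days=int(match.group(1)))


def eligible_versions(releases, duration, now):
    """Return versions whose upload time is earlier than the cooldown cutoff."""
    cutoff = cutoff_from_duration(duration, now)
    return [
        version
        for version, uploaded in releases
        if datetime.fromisoformat(uploaded) < cutoff
    ]


# Constructed sample data: (version, upload time) for a hypothetical package.
RELEASES = [
    ("1.0.0", "2026-03-01T09:00:00+00:00"),
    ("1.1.0", "2026-04-20T12:00:00+00:00"),
    ("1.2.0", "2026-04-29T18:30:00+00:00"),  # just over one day old at NOW
]
# Fixed clock so the result is reproducible; a real run would use the current time.
NOW = datetime(2026, 5, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    # 1.2.0 is inside the 7-day window, so the newest installable version is 1.1.0.
    print(eligible_versions(RELEASES, "P7D", NOW))
```

Because the cutoff is recomputed from the current time on every run, a release that is excluded today becomes eligible once it has aged past the window, with no config change.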
