David Hotham
David Hotham
fwiw, galois 0.4.2 still does not support numpy 2.1 - because numba 0.60 requires numpy
As I understand it, this needs no change at all in poetry itself: an API token derived from OIDC is a token like any other. It just happens to be...
I looked at pdm, fwiw that will do the pypi oidc exchange itself, if the github-specific environment variables are present (as set up by a workflow with `id-token: write`). See...
just ran into https://github.com/tschm/token-mint-action, which provides a github action for obtaining the necessary token - and reports that it did its testing with a poetry published project. so I double...
sure, go for it
> it would still be best practice to have poetry support this feature natively since it concerns a security-sensitive matter. What "best practice"? You might just as well say that...
> Poetry uses locked dependencies. This means that every dependency audit remains valid into the future, since the wheels are stored by a trusted party. GitHub actions can be modified...
the tool that understands `poetry.lock` is `poetry`. Using `poetry` to install `poetry` would be... unusual. you think that avoiding extra dependencies is valuable. I think that poetry already has more...
that is true: but it does not mean that writing code in poetry to mint tokens in a github pipeline would help the other cases. Eg the exact means for...
As your reproduction shows, this is not to do with poetry. I do not expect that poetry - or any python program - will detect that the interpreter has changed...