Paul Moore
Paul Moore
I'll leave it to @pradyunsg as RM to decide if this is OK to go in 24.1 when we're already at beta 2.
I've not really been following the variations on this, so I'm struggling to keep clear in my mind what's being proposed and what the various behaviours are. But my basic...
> @brettcannon or @pfmoore might have opinions here? Sorry, I have no opinion here. I'm not a Mac user, personally.
Im also uncomfortable with the idea of the pip team being responsible for distributing security certificates (or even directing people to specific ones). We don’t have the security expertise or...
> I find it a bit concerning that people are using random cert bundles from around the web I do too, but there's not much we can do about it...
Fair enough. But in this context, the pip maintainers probably count as laymen, too, so you shouldn't trust us to find reputable certs for people 🙂
I've just seen a pointer to this issue, and while I don't want to dispute the decision (IMO it's up to the setuptools maintainers to decide what's best for their...
> Yeah, there is a growing pain that we discovered in the community once PEP 639 was finally accepted... Probably because of the very long time the community took to...
> Yesterday I released [7.5.8](https://setuptools.pypa.io/en/latest/history.html#v75-8-0), which bumped the metadata version to 2.2, so I don't think we are that much far now (as long as we compromise and oversee the...