Paul Moore

It looks like `get_unverified_chain` wasn't a documented (public) API before Python 3.13. So for Python 3.12 and earlier `truststore` should be prepared for it to not exist. The code around...

I remain sympathetic in principle to having a plugin API for pip. And I think we should acknowledge the reality that even though we have consistently stated that people must...

> To make things more concrete, here's a kind of plugin that I could imagine Right. But that's just one example. And *every* example comes with a requirement for pip...

> I might not be understanding, but I don't follow why this would be the case, for two reasons One of us is misunderstanding, but it might be me. What...

I'll keep it short, just for variety 😉 > I'm curious if explicitly considering this unstable (with the burden for breakage being 100% on plugin authors) changes your mind at...

> That's quite unsupported 😅 Indeed 🤣 In reality this may never happen, and we wouldn't *deliberately* do it, but I'm thinking very specifically of things like refactoring the internals...

Please note that as I've said previously, I'm a strong -1 on "basic entrypoint detection" in the absence of *specific*, *documented* entry point type definitions. It will be a waste...

> How would you like these documented? Based on the conversation upthread I thought there was rough consensus on an (explicitly unstable) entrypoint for "dist-inspector", i.e. an interface capable of...

Could you add a comment clarifying that the simple open/close is sufficient if the file is empty? Also, I didn't immediately recognise that 1048576 was 1MB. Maybe mention that in...

Thanks for the improvement :-)