
That's a very visible Ken Thompson style attack. The modern expectation is that PyPI would be evaluating this build-system section and would only accept build-systems that they trust to turn package distributions into wheels, and the end users only need the wheels. If you need a specific version of hatchling that they know of, that's fine. If you need something they haven't heard of, they should say no.
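
The index-side check this comment describes, sketched as an added example (not part of the comment and not PyPI's code): parse the `[build-system]` table and accept only known backends with their expected build requirements. The `TRUSTED` allowlist, the function names and the sample inputs are assumptions constructed for illustration.

```python
import re
try:
    import tomllib                      # Python 3.11+
except ModuleNotFoundError:             # older interpreters: assumes tomli is installed
    import tomli as tomllib

# Hypothetical index-side policy: trusted backend -> build requirements it may pull in.
TRUSTED = {
    "hatchling.build": {"hatchling"},
    "setuptools.build_meta": {"setuptools", "wheel"},
    "flit_core.buildapi": {"flit-core"},
}
NAME = re.compile(r"^\s*([A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)")

def canonical(name):
    """PEP 503 name normalisation."""
    return re.sub(r"[-_.]+", "-", name).lower()

def check_build_system(pyproject_text):
    """Return a list of policy violations; an empty list means 'accept'."""
    bs = tomllib.loads(pyproject_text).get("build-system")
    if bs is None:
        return ["no [build-system] table: build backend is implicit"]
    problems = []
    backend = bs.get("build-backend")
    if backend not in TRUSTED:
        problems.append(f"untrusted build-backend: {backend!r}")
    if "backend-path" in bs:
        problems.append("backend-path set: backend code ships inside the sdist")
    allowed = TRUSTED.get(backend, set())
    for req in bs.get("requires", []):
        m = NAME.match(req)
        if m is None:
            problems.append(f"unparseable requirement: {req!r}")
        elif "@" in req:
            problems.append(f"direct URL requirement: {req!r}")
        elif canonical(m.group(1)) not in allowed:
            problems.append(f"requirement not allowed for this backend: {req!r}")
    return problems

# Constructed sample inputs.
GOOD = '[build-system]\nrequires = ["hatchling>=1.18"]\nbuild-backend = "hatchling.build"\n'
BAD = ('[build-system]\nrequires = ["hatchling", "custom_hook @ https://example.invalid/h.tar.gz"]\n'
       'build-backend = "my_backend"\nbackend-path = ["."]\n')

if __name__ == "__main__":
    print(check_build_system(GOOD))
    print(check_build_system(BAD))
```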

