If you’re concerned about this, then I would open an issue and maybe even propose a design to the pip community. Posting here isn’t actionable in any way. Bringing it up with the pip maintainers is.
Sure, you can open an issue but I doubt it'll be much helpful after reading this reddit thread. It seems they've deliberately chosen to not have package signing which seems beyond logic to me!
I know posting here isn't much actionable, consider this as just another rant!
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
If you’re concerned about this, then I would open an issue and maybe even propose a design to the
pip
community. Posting here isn’t actionable in any way. Bringing it up with thepip
maintainers is.Sure, you can open an issue but I doubt it'll be much helpful after reading this reddit thread. It seems they've deliberately chosen to not have package signing which seems beyond logic to me!
I know posting here isn't much actionable, consider this as just another rant!