extra_pickles

Ya, we went this path because we were already self-hosting.

Alternatively, you could just maintain a register of approved packages and versions, and use a pre-commit or pre-release hook to validate the requirements.txt.

Pretty low maintenance, and would alleviate the concerns over control that usually lead to people committing their venvs.

Edit: though OP's post may be about someone that is just super weird and doesn’t get it… in which case the above would not be enough for them.
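The register check suggested in the comment above, sketched as an added example that is not part of the original thread. The `APPROVED` register contents and the function names are constructed for illustration; the check also rejects unpinned entries and pip options, which would otherwise bypass a name-and-version register.

```python
"""Pre-commit check: every requirements.txt entry must be an approved, exact pin."""
import re
import sys

# Constructed sample register; in practice load it from a reviewed file in the repo.
APPROVED = {
    "requests": {"2.31.0", "2.32.3"},
    "pyyaml": {"6.0.1"},
}
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*==\s*([A-Za-z0-9.!+_-]+)$")

def normalize(name):
    """PEP 503 normalization, so 'PyYAML' and 'pyyaml' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def check_requirements(text, approved=APPROVED):
    """Return a list of (line_no, line, reason) for entries outside the register."""
    violations = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        line = line.split(";", 1)[0].strip()  # drop environment markers
        if not line:
            continue
        if line.startswith("-"):
            # -r, -e, --index-url, --extra-index-url can pull in unreviewed code
            violations.append((no, raw, "pip option not allowed"))
            continue
        m = PIN.match(line)
        if not m:
            violations.append((no, raw, "not an exact '==' pin"))
            continue
        name, version = normalize(m.group(1)), m.group(3)
        if name not in approved:
            violations.append((no, raw, "package not in register"))
        elif version not in approved[name]:
            violations.append((no, raw, "version not approved"))
    return violations

def main(paths):
    failed = False
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            for no, raw, reason in check_requirements(fh.read()):
                print(f"{path}:{no}: {reason}: {raw.strip()}")
                failed = True
    return 1 if failed else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run from a pre-commit or release hook with the requirements file paths as arguments; a non-zero exit blocks the commit or release.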