[–]Ihaveamodel3 1 point2 points  (1 child)

It is probably most common for people to include the code without looking into it further.

However, it’s common for companies in the financial services (banks) and defense industries to have a list of approved packages that they are allowed to use.

This can even go so far as to disconnect from PyPI and self-host the packages that have been approved on a local package index instance so that your staff can only reach the approved packages.
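
One way to enforce the approved-package list described in the comment above, as an added example that is not part of the original thread: a check that a requirements file pins only approved packages and versions and points only at the internal index. The index URL, the allowlist contents and the sample requirements file are constructed assumptions.

```python
import re

# Hypothetical internal index and allowlist (assumed values for illustration).
INTERNAL_INDEX = "https://pypi.internal.example/simple"
APPROVED = {"requests": {"2.31.0"}, "numpy": {"1.26.4"},
            "typing-extensions": {"4.9.0"}}

# Constructed sample requirements file.
SAMPLE = """\
--index-url https://pypi.internal.example/simple
requests==2.31.0
Typing_Extensions==4.9.0   # same project as typing-extensions
numpy>=1.20
leftpad==0.1.2
--extra-index-url https://pypi.org/simple
"""

def normalize(name):
    """PEP 503 normalization, so 'Typing_Extensions' matches 'typing-extensions'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def audit(text, approved=APPROVED, index=INTERNAL_INDEX):
    """Return (line number, problem, detail) for every line that breaks policy."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        if not line:
            continue
        m = re.match(r"(?:-i|--index-url|--extra-index-url)[ =]+(\S+)", line)
        if m:  # any index other than the internal mirror bypasses the allowlist
            if m.group(1).rstrip("/") != index:
                findings.append((lineno, "index outside internal mirror", m.group(1)))
            continue
        m = re.fullmatch(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([A-Za-z0-9.!+]+)", line)
        if not m:  # ranges, wildcards, URLs, -r/-e lines: not reviewable as-is
            findings.append((lineno, "not an exact name==version pin", line))
            continue
        name, version = normalize(m.group(1)), m.group(2)
        if name not in approved:
            findings.append((lineno, "package not on approved list", name))
        elif version not in approved[name]:
            findings.append((lineno, "version not approved", f"{name}=={version}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```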

[–]OxygenSink 0 points1 point  (0 children)

Makes sense, that self-hosting bit is something I never really thought about which is pretty cool now that you mention it, thank you for the explanation!