Open floriankisser opened 4 years ago
Python 3.4 isn't getting security updates anymore, support was dropped by lxml.
Can you put the version pinning back into setup.py? It’s a sensitive package and I only use it with pinning to avoid possible takeovers (pypi does not allow version replacements) I’ll merge after, cheers on the PR!
OK, I get why you did it in the first place. But as every dependency can be used for an attack just as easily, wouldn't it be better to pip freeze all dependencies to the requirements.txt and encourage people to install via pip install -r requirements.txt
?
That’s true, it would be the best. But people never install CLI packages in a virtual env, they do it in system or user python path. Freezing all dependencies breaks a lot of things for other installed apps... Anyway, better not go down any existential rabbit holes for something like this package :) Let’s just keep this PR clean for its purpose: upgrade keepass version
Remove everything else please to keep the focus of the PR so I can merge it :)
I created another pull request for the other changes.
I couldn't open my db due to https://github.com/libkeepass/pykeepass/issues/152.