fopina / kdbxpasswordpwned

Check KeePass passwords against https://haveibeenpwned.com/Passwords
MIT License

Update pykeepass #10

Open floriankisser opened 4 years ago

floriankisser commented 4 years ago

I couldn't open my db due to https://github.com/libkeepass/pykeepass/issues/152.

floriankisser commented 4 years ago

Python 3.4 isn't getting security updates anymore; support was dropped by lxml.

fopina commented 4 years ago

Can you put the version pinning back into setup.py? It’s a sensitive package and I only use it with pinning to avoid possible takeovers (PyPI does not allow version replacements). I’ll merge after, cheers on the PR!

floriankisser commented 4 years ago

OK, I get why you did it in the first place. But as every dependency can be used for an attack just as easily, wouldn't it be better to pip freeze all dependencies to the requirements.txt and encourage people to install via pip install -r requirements.txt?

fopina commented 4 years ago

That’s true, it would be the best. But people never install CLI packages in a virtual env, they do it in system or user Python path. Freezing all dependencies breaks a lot of things for other installed apps... Anyway, better not go down any existential rabbit holes for something like this package :) Let’s just keep this PR clean for its purpose: upgrade keepass version

Remove everything else please to keep the focus of the PR so I can merge it :)

floriankisser commented 4 years ago

I created another pull request for the other changes.
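
The pinning check discussed in this thread, as an added example that is not part of the PR or the project's code: it reads install_requires from a setup.py without executing the file and lists every direct dependency that is not locked to a single == version. The sample setup.py, the package names examplelib, otherlib and winonly, and all version numbers are constructed placeholders; transitive dependencies, the point raised about requirements.txt, are outside what it checks.

```python
import ast
import re

# Constructed sample setup.py; names and versions are placeholders, not the project's real pins.
SAMPLE_SETUP = '''
from setuptools import setup

setup(
    name="examplecli",
    install_requires=[
        "pykeepass==0.0.1",
        "lxml>=0.0.2",
        "examplelib",
        "otherlib==1.*",
        'winonly==0.0.3; sys_platform == "win32"',
    ],
)
'''

# Project name, optional extras, then exactly one "==" clause with no wildcard.
PINNED = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]*\])?\s*==\s*[A-Za-z0-9][A-Za-z0-9.!+_-]*$"
)


def install_requires(setup_source):
    """Return the literal install_requires list from setup() without running the file."""
    for node in ast.walk(ast.parse(setup_source)):
        if not isinstance(node, ast.Call):
            continue
        # Matches both setup(...) and setuptools.setup(...).
        name = getattr(node.func, "id", getattr(node.func, "attr", None))
        if name != "setup":
            continue
        for kw in node.keywords:
            if kw.arg == "install_requires":
                return ast.literal_eval(kw.value)
    return []


def unpinned(requirements):
    """Return the requirements that are not locked to one exact version."""
    bad = []
    for req in requirements:
        spec = req.split(";", 1)[0].strip()  # drop any environment marker
        if not PINNED.match(spec):
            bad.append(req)
    return bad
```
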