| ▲ | captn3m0 4 hours ago | |
I've been collecting things you can't pin: - Python inline dependencies in PEP-0723, which you can pin with a==1.0, but can't be hash-pinned afaik. - The bin package manager lets you pin binaries, but they aren't hash-pinned either. - The pants build tool suggests vendoring a get-pants.sh script[0] but it downloads the latest. Even if you pass it a version, it doesn't do any checks on the version number and just installs it to ~/.local/bin [0]: https://github.com/pantsbuild/setup/blob/gh-pages/get-pants.... | ||