setup.py - remove insecure requests to https://pypi.org/pypi/python-appimage/json
manfred-kaiser opened this issue · 1 comments
manfred-kaiser commented
The request to https://pypi.org/pypi/python-appimage/json should be removed because it breaks workflows when running without an internet connection.
Another reason is that you are using `_create_unverified_context`, which disables certificate validation.
This makes using your package insecure and prone to man-in-the-middle attacks.
Determining the version number this way also breaks reproducible builds.
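
A check for the two problems raised in the comment above, as an added example that is not part of the original issue or the project's code: it scans a `setup.py` source for build-time network calls and for `_create_unverified_context`, then shows which settings that context turns off compared with `ssl.create_default_context()`. `SAMPLE_SETUP` is a constructed stand-in, not the project's actual file, and `audit_source` and `context_settings` are hypothetical helper names.

```python
import ast
import ssl

# Constructed sample of the pattern the issue describes; NOT the project's real setup.py.
SAMPLE_SETUP = '''
import json, ssl
from urllib.request import urlopen

def get_version():
    ctx = ssl._create_unverified_context()
    meta = json.load(urlopen("https://pypi.org/pypi/python-appimage/json", context=ctx))
    return meta["info"]["version"]
'''

# Call names to flag, with the reason given in the issue.
RISKY_CALLS = {
    "_create_unverified_context": "TLS certificate validation disabled",
    "urlopen": "network request at build time (breaks offline and reproducible builds)",
}

def audit_source(source):
    """Return sorted (line, call name, reason) tuples for each risky call found."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            func = node.func
            # Handles both module.attr(...) and bare name(...) call forms.
            name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
            if name in RISKY_CALLS:
                findings.append((node.lineno, name, RISKY_CALLS[name]))
    return sorted(findings)

def context_settings(ctx):
    """Report the two settings that decide whether the peer certificate is checked."""
    return {"verify_mode": ctx.verify_mode, "check_hostname": ctx.check_hostname}

if __name__ == "__main__":
    for line, name, reason in audit_source(SAMPLE_SETUP):
        print(f"line {line}: {name}: {reason}")
    print("unverified:", context_settings(ssl._create_unverified_context()))
    print("default:   ", context_settings(ssl.create_default_context()))
```

The scan only parses the file and never executes it, so it can run in CI against an untrusted `setup.py`.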
hendursaga commented
Is the security aspect of this resolved yet?