| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
There is not a single CVE linked to python:pip so use pypa:pip instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:pypa:pip
Moreover, CPE_ID missed PKG_ prefix
Fixes: eee273507b868ad5f6f7e744d513c85330967906 (python3: Split pip into separate source package)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
| |
|
|
|
|
|
| |
001-pyproject-hooks-pyc-fix.patch and 002-pip-runner-pyc-fix.patch are
redone to use source files if they are present.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
|
|
Packaging pip from a separate source package allows it to stay updated
with upstream.
Host pip will remain installed as part of python3. Host pip is used in a
much more controlled way and so is less critical for it to track
upstream.
This also removes the python-pip-conf package and installs the pip.conf
file as part of python3-pip.
The patch 003-disable-pip-version-check.patch is originally from Debian:
https://salsa.debian.org/python-team/packages/python-pip/-/blob/bb079efb8c6dd2c284eee94cf90e61bce19a6f73/debian/patches/disable-pip-version-check.patch
pip was in a separate source package that was removed in
a53d0c5a403d1669e2cf6c59c2be6a9d3ed633a0; this work is not based on that
earlier package.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|