-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pipenv install --skip-lock should not expand environment variables in packages section #3049
Comments
Absolutely. |
This is mainly a security concern I guess, but should we consider expanding variables in packages? It's not like people don't want it |
I agree this is worth considering, if Kenneth says yes. |
What did Kenneth say? |
No words from him, but @techalchemy I recall we had a similar discussion on this a while ago. The conclusion as I remember (might be me imagining) is essentially the same, i.e. don’t want to support this due to security concerns? |
I'd actually need this...
There is probably a better way to add this (any suggestions appreciated) but it looks like a fairly common scenario, so I am wondering what are the security concerns preventing this to be added. |
|
From #3048. I believe this is unintended?
The text was updated successfully, but these errors were encountered: