Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why .devcontainer/setup.sh downloads and runs https://bootstrap.pypa.io/get-pip.py #13

Open
1 task done
kroleg opened this issue Apr 18, 2024 · 0 comments
Open
1 task done

Why .devcontainer/setup.sh downloads and runs https://bootstrap.pypa.io/get-pip.py #13

kroleg opened this issue Apr 18, 2024 · 0 comments

Comments

@kroleg
Copy link
Contributor

kroleg commented Apr 18, 2024
edited
Loading

Information

  • None of the other issue templates apply

Description

Thanks for this repo. 🙇 Finally there is a way to build keymaps without installing ton of stuff on my machine.

I noticed that ghcr.io/qmk/qmk_cli image already has latest pip https://github.com/qmk/qmk_cli/blob/d3917b10e7621632098028a68982727b10ec83f5/Dockerfile#L8, so why is there a need to download get-pip.py?
And if there is a need for latest pip why not do python3 -m pip install --upgrade pip like qmk_cli does?

Also downloading .py file with blobs looks suspicious. It even has a comment in the start of the file:
Screenshot 2024-04-18 at 10 01 43

But that's exactly what i would say if i was up for something nefarious :D
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kroleg