For those of you reading about dependency cooldowns recently and wanting to try it out with uv, beware: GitLab’s Python package repository does not support it. It still needs to expose the necessary metadata: https://gitlab.com/gitlab-org/gitlab/-/issues/581770

Your download will fail with a bunch of “is missing an upload date, but user provided: <date-string>”
#dependencycooldowns #uv #gitlab

Python Package Registry should support the modern JSON format (#581770) · Issues · GitLab.org / GitLab · GitLab

Proposal The Python package registry currently only supports the “simple” HTML view which provides limited metadata. This prevents tools like

I got too excited about "set-and-forget" relative dependency cooldowns coming to #pip that I hacked them together using cron and a script that calculates uploaded-prior-to in pip.conf 👀

https://sethmlarson.dev/pip-relative-dependency-cooling-with-crontab

#python #pypi #dependencycooldowns #security

Relative “Dependency Cooldowns” in pip v26.0 with crontab

WARNING: Most of this blog post is a hack, everyone should probably just wait for relative dependency cooldowns to come to a future version of pip. pip v26.0 added support for th...

🚨 Alert: Another self-proclaimed tech guru has discovered the magical elixir of "dependency cooldowns" that apparently solves all #open-source #security woes. 💡 Spoiler: It's just another buzzword for "delay your updates" — because clearly, the best way to secure your software is to procrastinate. 😏
https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns #techbuzzwords #procrastination #softwareupdates #dependencycooldowns #HackerNews #ngated
We should all be using dependency cooldowns