Conda-Forge vs. conda-forge repo and security
So I use miniconda and was trying to install pyperclip from conda-forge, but by mistake I capitalized the name, so I ran:
conda install -c Conda-Forge pyperclip
(Note the capital letters). The output was:
Collecting package metadata (current_repodata.json): done
Solving environment: done
## Package Plan ##
environment location: C:\Users\USUARIO\miniconda3
added / updated specs:
- pyperclip
The following packages will be downloaded:
package | build
---------------------------|-----------------
ca-certificates-2021.10.8 | h5b45459_0 176 KB Conda-Forge
certifi-2021.10.8 | py39hcbf5309_1 145 KB Conda-Forge
conda-4.11.0 | py39hcbf5309_0 16.8 MB Conda-Forge
openssl-1.1.1l | h8ffe710_0 5.7 MB Conda-Forge
pyperclip-1.8.2 | pyhd8ed1ab_2 14 KB Conda-Forge
------------------------------------------------------------
Total: 22.9 MB
The following NEW packages will be INSTALLED:
pyperclip Conda-Forge/noarch::pyperclip-1.8.2-pyhd8ed1ab_2
The following packages will be SUPERSEDED by a higher-priority channel:
ca-certificates conda-forge --> Conda-Forge
certifi conda-forge --> Conda-Forge
conda conda-forge --> Conda-Forge
openssl conda-forge --> Conda-Forge
I was suspicious that it was trying to install openssl, so I canceled and retyped the command with correct capitalization:
conda install -c conda-forge pyperclip
And got the following:
Collecting package metadata (current_repodata.json): done
Solving environment: done
## Package Plan ##
environment location: C:\Users\USUARIO\miniconda3
added / updated specs:
- pyperclip
The following packages will be downloaded:
package | build
---------------------------|-----------------
pyperclip-1.8.2 | pyhd8ed1ab_2 14 KB conda-forge
------------------------------------------------------------
Total: 14 KB
The following NEW packages will be INSTALLED:
pyperclip conda-forge/noarch::pyperclip-1.8.2-pyhd8ed1ab_2
Can anybody explain this? What is the difference between conda-forge and Conda-Forge?
As @MattThompson pointed out in the comments, they both go to the same place in the end, so not a security issue.
As to why it makes this switch for these specific packages, it has to do with the aggressive_update_packages configuration setting. That is partially discussed in this answer. Briefly, whenever the user requests to mutate the environment, Conda will attempt to update these packages. Additionally, whenever one uses the -c flag, they are declaring the specified channel to have the highest priority. Here that is Conda-forge, but if one had put -c defaults -c Conda-forge, it would've tried to install those same packages from defaults instead.
In this specific case, the effect would just be a matter of some bookkeeping that is done in the conda-meta/history file, which appears to be case-sensitive. While it would track it internally as a change in the channel, it wouldn't actually change the package.
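One way to check a plan like the one in the question before confirming it, as an added example that is not part of the original question or answer: it parses the SUPERSEDED section and separates channel changes that differ only in letter case (the bookkeeping change the answer describes) from changes to a genuinely different channel. The `numpy` line, the function names and the default list in `AGGRESSIVE` are assumptions made for illustration, and treating a case-only difference as the same channel relies on the answer's statement that both names go to the same place.

```python
import re

# Constructed sample: the SUPERSEDED section from the question's output plus
# one hypothetical line (numpy) that shows a genuine channel switch.
PLAN = """\
The following packages will be SUPERSEDED by a higher-priority channel:
ca-certificates conda-forge --> Conda-Forge
certifi conda-forge --> Conda-Forge
conda conda-forge --> Conda-Forge
openssl conda-forge --> Conda-Forge
numpy defaults --> conda-forge
The following NEW packages will be INSTALLED:
pyperclip Conda-Forge/noarch::pyperclip-1.8.2-pyhd8ed1ab_2
"""

# Assumption: conda's default aggressive_update_packages list. Check yours
# with `conda config --show aggressive_update_packages`.
AGGRESSIVE = {"ca-certificates", "certifi", "openssl"}

ROW = re.compile(r"^\s*(\S+)\s+(\S+)\s+-->\s+(\S+)\s*$")


def classify(plan_text):
    """Map each superseded package to (kind, is_aggressive_update_package)."""
    result, in_section = {}, False
    for line in plan_text.splitlines():
        if line.startswith("The following"):
            in_section = "SUPERSEDED" in line
            continue
        match = ROW.match(line) if in_section else None
        if not match:
            continue
        name, old, new = match.groups()
        # Keep only the channel part if conda printed channel::package.
        old, new = old.split("::")[0], new.split("::")[0]
        same = old.casefold() == new.casefold()
        result[name] = ("case-only" if same else "channel-switch", name in AGGRESSIVE)
    return result


def real_switches(plan_text):
    """Packages whose source channel changes by more than letter case."""
    return sorted(n for n, (kind, _) in classify(plan_text).items()
                  if kind == "channel-switch")


if __name__ == "__main__":
    for name, (kind, aggressive) in classify(PLAN).items():
        print(f"{name:16} {kind:15} aggressive_update={aggressive}")
    print("review before confirming:", real_switches(PLAN))
```

The text to feed it can come from `conda install --dry-run -c <channel> <package>`, which prints the plan without changing the environment.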