Why is this not hosted at Palo Alto's own site? Yes, I'm a bit paranoid, but I have never understood why these kinds of packages are hosted at pip. At least if they are hosted at an external site. Would it not be possible to implement something like this: https://media.djangoproject.com/pgp/Django-2.2.12.checksum.txt ?
If you are suspicious of the pandevice currently hosted on PyPI, you can always just download pandevice straight from GitHub. When a tag is referred to and a release is created, that snapshot creates a tarball that you can see in the Releases tab in GitHub. Both the current and any previous release.
Alternatively you can pip download the package, clone the repo, then diff both directories.
I think I remember something about GitHub and checksums at the last GitHub Universe late last year, though, so it's possible they're going to be doing something about this as well..?
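The "pip download, clone, diff" check suggested in the reply above, as an added example that is not part of the original thread or of pandevice itself: it hashes every file in an unpacked source archive and in a repository checkout, then reports what the archive ships that the checkout lacks or has with different content. The ignore list (`.git`, `__pycache__`, `*.egg-info`, `PKG-INFO`) and the helper names are assumptions, and the sample trees are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed ignore list: VCS data in the checkout and metadata generated when an sdist is built.
IGNORED_DIRS = {".git", "__pycache__"}
IGNORED_FILES = {"PKG-INFO"}

def tree_hashes(root):
    """Map each file's relative path under root to its SHA-256 hex digest."""
    root = Path(root)
    hashes = {}
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if any(part in IGNORED_DIRS or part.endswith(".egg-info") for part in rel.parts):
            continue
        if path.is_file() and rel.name not in IGNORED_FILES:
            hashes[rel.as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return hashes

def compare_sdist_to_repo(sdist_dir, repo_dir):
    """Report files the sdist ships that the checkout lacks or has with other content."""
    sdist, repo = tree_hashes(sdist_dir), tree_hashes(repo_dir)
    return {
        "only_in_sdist": sorted(set(sdist) - set(repo)),
        "changed": sorted(p for p in set(sdist) & set(repo) if sdist[p] != repo[p]),
    }

def write(path, text):
    """Create parent directories as needed and write a small text file."""
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(text)

def demo():
    """Compare two constructed trees; the sdist has one edited and one extra file."""
    with tempfile.TemporaryDirectory() as tmp:
        repo, sdist = Path(tmp, "repo"), Path(tmp, "sdist")
        for base in (repo, sdist):
            write(base / "pkg" / "__init__.py", "VERSION = '1.0'\n")
            write(base / "setup.py", "from setuptools import setup\nsetup(name='pkg')\n")
        write(repo / ".git" / "HEAD", "ref: refs/heads/main\n")
        write(repo / "tests" / "test_pkg.py", "def test_ok():\n    assert True\n")
        write(sdist / "PKG-INFO", "Name: pkg\n")
        write(sdist / "pkg.egg-info" / "SOURCES.txt", "setup.py\n")
        write(sdist / "setup.py", "from setuptools import setup\nsetup(name='pkg')  # edited\n")
        write(sdist / "pkg" / "extra.py", "print('not in the repository')\n")
        return compare_sdist_to_repo(sdist, repo)

if __name__ == "__main__":
    print(demo())
```

Files that exist only in the checkout (tests, docs) are expected and are not reported; the checkout should be at the tag matching the downloaded release. `pip download` may run the package's build code to read metadata from a source archive, so do the download in a disposable environment.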