PEP 710 - Recording the provenance of installed packages

Also wanted to call attention to this comment, where the specification for Direct URLs also doesn’t make mention of the risk of authentication credentials in recorded URLs: PEP 751: lock files (again) - #61 by ncoghlan
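A defender-side check for the risk raised in the post above, added here as an example (it is not part of the thread or of any PEP): it scans `*.dist-info` directories for `direct_url.json` and `provenance_url.json` records whose `url` embeds credentials and reports them in redacted form. Treating `${VAR}` placeholders and a bare `git` user as non-secret is a choice of this example, and the sample records are constructed.

```python
import json
import re
import tempfile
from pathlib import Path
from urllib.parse import urlsplit, urlunsplit

# Record files written into *.dist-info; both keep the origin under the "url" key.
RECORD_FILES = ("direct_url.json", "provenance_url.json")
# Choice of this example: ${VAR} placeholders and a bare "git" user are not secrets.
ENV_PLACEHOLDER = re.compile(r"\$\{[A-Za-z0-9_-]+\}(:\$\{[A-Za-z0-9_-]+\})?")

def redact(url):
    """Return (clean_url, had_secret); the userinfo part is dropped when it looks secret."""
    parts = urlsplit(url)
    userinfo, at, hostport = parts.netloc.rpartition("@")
    if not at or userinfo == "git" or ENV_PLACEHOLDER.fullmatch(userinfo):
        return url, False
    return urlunsplit(parts._replace(netloc=hostport)), True

def scan(site_packages):
    """List (record_path, redacted_url) for each recorded URL that embeds credentials."""
    findings = []
    for name in RECORD_FILES:
        for record in sorted(Path(site_packages).glob(f"*.dist-info/{name}")):
            try:
                url = json.loads(record.read_text(encoding="utf-8")).get("url")
            except (OSError, ValueError, AttributeError):
                continue  # unreadable or malformed record: nothing to report
            clean, had_secret = redact(url) if isinstance(url, str) else (url, False)
            if had_secret:  # never echo the secret itself, only the cleaned URL
                findings.append((record.relative_to(site_packages).as_posix(), clean))
    return findings

def demo():
    samples = {  # constructed sample records, not taken from any real environment
        "a-1.0.dist-info/direct_url.json": "https://ci-user:s3cr3t@git.example.com/a.git",
        "b-2.0.dist-info/provenance_url.json": "https://files.example.com/b-2.0.whl",
        "c-3.0.dist-info/direct_url.json": "https://${USER}:${TOKEN}@git.example.com/c.git",
        "d-0.1.dist-info/direct_url.json": "ssh://git@git.example.com/d.git",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, url in samples.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True)
            path.write_text(json.dumps({"url": url}), encoding="utf-8")
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

The check only looks at the userinfo part of the URL; tokens carried in a query string are outside what it covers.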