Information
Description
Thanks for this repo. 🙇 Finally there is a way to build keymaps without installing ton of stuff on my machine.
I noticed that ghcr.io/qmk/qmk_cli image already has latest pip https://github.com/qmk/qmk_cli/blob/d3917b10e7621632098028a68982727b10ec83f5/Dockerfile#L8, so why is there a need to download get-pip.py?
And if there is a need for latest pip why not do python3 -m pip install --upgrade pip like qmk_cli does?
Also downloading .py file with blobs looks suspicious. It even has a comment in the start of the file:
But that's exactly what i would say if i was up for something nefarious :D
Information
Description
Thanks for this repo. 🙇 Finally there is a way to build keymaps without installing ton of stuff on my machine.
I noticed that
ghcr.io/qmk/qmk_cliimage already has latest pip https://github.com/qmk/qmk_cli/blob/d3917b10e7621632098028a68982727b10ec83f5/Dockerfile#L8, so why is there a need to download get-pip.py?And if there is a need for latest pip why not do
python3 -m pip install --upgrade piplike qmk_cli does?Also downloading .py file with blobs looks suspicious. It even has a comment in the start of the file:
But that's exactly what i would say if i was up for something nefarious :D