Switch to unsafe-best-match for proper m... | Home Assistant | Page 1

gaunt ore Feb 27, 2026, 12:55 PM

#

@jagged bramble and others. What's your opinion on it?

#

One idea could also that we remove any packages where the wheels for all supported archs are on pypi and don't upload them anymore

gaunt ore Feb 27, 2026, 1:31 PM

#

For context: https://docs.astral.sh/uv/concepts/indexes/#searching-across-multiple-indexes

While unsafe-best-match is the closest to pip's behavior, it exposes users to the risk of "dependency confusion" attacks.

Package indexes | uv

uv is an extremely fast Python package and project manager, written in Rust.

jagged bramble Feb 27, 2026, 3:22 PM

#

We should prefer our index tbh

#

Mostly because we run auditwheel over them

gaunt ore Feb 27, 2026, 3:25 PM

#

Fine for me but then we need to delete packages that we don't use anymore so they can downloaded from pypi when a custom component is using them

jagged bramble Feb 27, 2026, 3:26 PM

#

I do not understand the issue tbh

#

If this is a problem, it means the custom integration hasn't pinned?

gaunt ore Feb 27, 2026, 3:27 PM

#

https://github.com/mikey0000/Mammotion-HA/issues/528

GitHub

Broken in upcoming 2026.3 HA release · Issue #528 · mikey0000/Mam...

The problem I'm currently running the Home Assistant 2026.3 beta, Mammotion is broken in that version. More specifically, 1 of the dependencies can not be used with Python 3.14 it seems: Logger...

#

shapely is uploading musllinux wheels to pypi but as we have some version of it on our wheels server, uv will not use the ones on pypi currently

#Switch to unsafe-best-match for proper m...