Affects Version/s: 4.1.3
Fix Version/s: 4.2.0
Component/s: Packaging / Build, Security
We are currently simply listing which modules we need and their versions.
To prevent security breaches and avoid distributing binaries containing malware, we must pin the package hashes.
We must expand the requirements files to list submodules and their hashes as well, so that no unchecked submodule can be compromised either.
And we need to ensure that pip installs only the modules we are asking for.
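An added example, not from this issue or the project: a small CI lint step that checks a pip requirements file for exactly the properties described above (every requirement pinned with `==` and carrying a `--hash=sha256:` digest), followed by the `pip install --require-hashes --no-deps` invocation that makes pip enforce them. Package names and digests in the sample file are constructed placeholders.

```shell
#!/bin/sh
# Added example (not part of the original issue): lint a pip requirements file
# before installing, so that pip's hash-checking mode can verify every file.
# The package names and digests written by write_sample_requirements are
# constructed placeholders; real digests come from `pip hash <file>`.

# check_requirements_hashes FILE
# exit 0 if every requirement is pinned with == and has a --hash=sha256:... ,
# exit 1 otherwise (offending lines are printed on stdout).
check_requirements_hashes() {
    awk '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # join backslash-continued lines
        { line = buf $0; buf = "" }
        line ~ /^[[:space:]]*(#|$)/ { next }           # blank lines and comments
        line ~ /^[[:space:]]*-/ { next }               # pip options (-r, --index-url, ...)
        line !~ /==/ { print "unpinned: " line; bad++; next }
        line !~ /--hash=sha256:[0-9a-fA-F]+/ { print "unhashed: " line; bad++ }
        END { if (bad > 0) exit 1 }
    ' "$1"
}

# write_sample_requirements FILE: a constructed file in the hash-checked format.
# Transitive dependencies (the submodules) must be listed and hashed too, or pip
# refuses to install in --require-hashes mode.
write_sample_requirements() {
    cat > "$1" <<'EOF'
# constructed example; names and digests are placeholders, not real releases
examplepkg==1.2.3 \
    --hash=sha256:1111111111111111111111111111111111111111111111111111111111111111 \
    --hash=sha256:2222222222222222222222222222222222222222222222222222222222222222
examplepkg-dep==4.5.6 \
    --hash=sha256:3333333333333333333333333333333333333333333333333333333333333333
EOF
}

# Demo: lint the constructed file, then show the install command.
# --require-hashes makes pip reject any download whose digest does not match and
# any requirement without a hash; --no-deps stops pip pulling in unlisted packages.
tmp="${TMPDIR:-/tmp}/requirements.hashed.$$"
write_sample_requirements "$tmp"
if check_requirements_hashes "$tmp"; then
    echo "ok: pip install --require-hashes --no-deps -r $tmp"
fi
rm -f "$tmp"
```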