You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The spelling_ignore_pypi_package_names setting turns on an ignore words filter that includes every package name registered on PyPI. This has multiple problems, in both the concept and implementation.
It uses the XML-RPC API, which was deprecated 2 years ago.
It uses xmlrpc.client, which is based on httplib; on macOS, this uses the system certificate store, which as of today, fails with an SSL CERTIFICATE_VERIFY_FAILED due to a stale root certificate.
As of today, it returns 446264 packages names for use on the exclude list.
I sure am glad nobody could register a PyPI name of speeling... :-)
At the very least, I'd suggest the filter as-implemented should be deprecated/removed. It's a footgun waiting to go off.
It could possibly be replaced with a list of packages defined in the local environment (populated by pip list or equivalent); but IMHO, software package names should be either (a) automatically excluded because they're being quoted as literals, or (b) should be explicitly included in a spelling list, rather than trying to autodetect every package in the Python ecosystem.
The text was updated successfully, but these errors were encountered:
The
spelling_ignore_pypi_package_namessetting turns on an ignore words filter that includes every package name registered on PyPI. This has multiple problems, in both the concept and implementation.xmlrpc.client, which is based onhttplib; on macOS, this uses the system certificate store, which as of today, fails with an SSL CERTIFICATE_VERIFY_FAILED due to a stale root certificate.speeling... :-)At the very least, I'd suggest the filter as-implemented should be deprecated/removed. It's a footgun waiting to go off.
It could possibly be replaced with a list of packages defined in the local environment (populated by
pip listor equivalent); but IMHO, software package names should be either (a) automatically excluded because they're being quoted as literals, or (b) should be explicitly included in a spelling list, rather than trying to autodetect every package in the Python ecosystem.The text was updated successfully, but these errors were encountered: