Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

CML Python Package Installation Security

avatar
Explorer

Hello,

I've noticed how the CML Terminal lets you install Python packages on the 'Net using pip.

(A gcc compiler is even available!)

Isn't that a security risk?

Is there a way to only allow package installation from an in-house repository?

Many thanks.

1 ACCEPTED SOLUTION

avatar
Contributor

pip index url can be configured as an admin environment variable, but users can override the same with the project environment variable or manual override.

utmost way is to make the cluster air gapped. As long as the cluster has internet gateway, sessions can reach internet to pull the packages

View solution in original post

1 REPLY 1

avatar
Contributor

pip index url can be configured as an admin environment variable, but users can override the same with the project environment variable or manual override.

utmost way is to make the cluster air gapped. As long as the cluster has internet gateway, sessions can reach internet to pull the packages