Getting no warning if uv gets 403 on Private Repository #10684
Labels
question
Asking for clarification or support
Comments
|
I believe it's a JFrog behavior to pass-through to PyPI when credentials are not provided — that's not a uv feature. We're probably not even receiving a 403. If you provide a username on the index URL, that will force uv to use an authenticated request. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
First of all, thank you for this excellent piece of software as well as Ruff. My team and I are loving it!
I believe we may have encountered a bug.
We are using private JFrog/Artifactory PyPI repositories. When new users want to access them, they need permission to do so. If they do not have permissions on one of our repositories, and there is a package with the same name on PyPI.org, UV does not issue a warning that the client received a 403 Access Denied. Instead, it installs the package from PyPI.org.
We run UV with the --verbose flag, but nothing in the debug logs indicates that UV attempted to connect to the private repository and received a 403 error.
Maybe I misunderstand something, or it could be a bug?
Thank you for your time and effort.
The text was updated successfully, but these errors were encountered: