Comment by acdha

4 days ago

> Pip does not support this; with uv, use `--exclude-newer`. This appears to require a timestamp; so if you always want things up to X days old you'll have to recalculate.

I do this by having my shell init do this:

    export UV_EXCLUDE_NEWER=$(date -Iu -d "14 days ago")

That’s easy to override if you need to but otherwise seamless.

2 comments

acdha

Reply
zahlman  4 days ago

FWIW, I'd like if these tools had an option to prefer the oldest version satisfying the given constraints (rather than the newest, as it is now — probably still a better default).

  • collinmanderson  3 days ago

    > prefer the oldest version satisfying the given constraints

    The problem is there's no metadata for which versions fix security bugs, and therefore which previous versions are now insecure.