Encouraging secure package installations with pip install -e autora[...]

[younesStrittmatter]

For security reasons and for quality control, we could encourage users to install packages used for autora only with the command pip install -e autora[...] instead of pip install autora-... (That way, only packages are installed that we listed in the pyproject.toml file as optional dependencies)

[musslick]

That is a great point. Perhaps we could mark this as an issue for the documentation?

[younesStrittmatter]

Yes, I would maybe even put this as a disclaimer or something in more than one place of the documentation: If you are using pip install autora-... it is on your own risk, and the package might have nothing to do with autora (may even be malware or whatever), while pip install -e autora[...] is guaranteed to be approved by the team.

[hollandjg]

At the moment, you can't do pip install autora[theorist-darts] because the darts sub package isn't yet included in the released autora package (v 2.4.1).
You could do pip install autora[theorist-darts] --pre though, as that gets the newest pre-release (at least it will be in a few minutes).