throwaway3646's comments

throwaway3646 · 2025-07-31T14:42:01 1753972921

If you are in a commercial environment, I can only warn to think that using alternative conda clients will be safe. Condaforge for instance will happily download from the main channel if the recipe requires it. It's pretty hard to make sure this does not happen, best solution is to block access on a network level.

matrss · 2025-07-31T14:48:49 1753973329

Do you have an example for a package on conda-forge that actually does this? I can only find a vague announcement from 2021 that the "defaults channel is now dropped when building conda-forge packages", as well as statements that the conda-forge repositories are considered incompatible with the defaults channel and having both enabled is an unsupported configuration. Access is blocked on the network level anyway.

legobmw99 · 2025-07-31T14:49:09 1753973349

That can only happen if you as a user have the 'defaults' channel still configured as available, and conda-forge considers it a user error whenever this happens (the official line is `conda-forge is incompatible with the packages provided in defaults`). Many bug reports are closed simply by telling the user to fix their channel priorities and stop mixing the two

throwaway3646 · 2025-07-31T14:57:54 1753973874

Correct, it's a user error, but in a corporate environment, this happens. Many scientists have their own recipes and you can't catch them all.

matrss · 2025-07-31T15:25:51 1753975551

So with a fresh installation of one of those alternative conda clients and no user intervention it won't happen, right? On top of that you can block access on the network level as well.

Sure, when your employees are outside of the corporate network they can still download stuff from the default channels, but in the end it is no different than any other license violation they could do. At least with Anaconda there is a semi-effective fix.

igortg · 2025-07-31T14:50:01 1753973401

I use Miniforge in a commercial environment and never found a package downloading from the main channel. I'm pretty sure a recipe that does that would be blocked by conda-forge reviewers.

throwaway3646 · 2025-07-31T14:30:50 1753972250

This will also happen if you use condaforge, which can be downloaded freely. Condaforge will also download from the main channel if the recipe requires it.

throwaway3646 · 2025-07-31T14:21:26 1753971686

By checking IP, I'm guessing

gonzalohm · 2025-08-01T02:56:03 1754016963

I work from home and even if I didn't, how are they going to link an IP to a company

throwaway3646 · 2025-07-31T14:19:07 1753971547

Can confirm, this is exactly what happened. They demand ridiculous back payments unless you buy multiple-year licenses. It would be trivial for them to require an account to use the main channel, but they deliberately make it easy to accidentally use it. If you have to use it, make sure to DNS block anaconda.com (.org seems to be fine), but even better, just avoid them like the plague.