On 02/27/2013 04:04 PM, Lennart Regebro wrote: > On Wed, Feb 27, 2013 at 8:49 PM, Monty Taylor <mord...@inaugust.com> wrote: >>> But wouldn't this only be a change in pip/easy_install, not PyPI >>> itself? I suppose you could explicitly break the external links by >>> having them point to nothing if you are worried about the security or >>> if it's some performance issue (that would indeed be a bad >>> compatibility break, in case people are using those for other >>> purposes). Otherwise, if it's a problem, then just use the old >>> version of pip. >> >> If we don't remove the feature from pypi itself > > It isn't a feature of PyPI. PyPI doesn't require you to upload the > files to PyPI. For that reason, easy_install and PIP will scrape > external sites to be able to download the files. > > What we should do is agree that this should stop, and a deprecation > warning to pip and easy_install and after some pre-determined time > remove the feature from easy_install and pip.
Good point. >> folks for whom its a problem, because there will be no incentive for the >> folks hosting their software that way to actually upload their stuff to >> PyPI > > Yes there will be: Everyone mailing them to tell them there software > is broken and can't be installed with easy_install and pip. That's > going to be very annoying very fast. ;-) ++ We could also write an easy utility that a maintainer could run on their project like: suck_in my_package Which would query current pypi for a list of available releases of my_package, then post them as a direct upload to pypi and finally remove the external link. That way, once someone annoys them, there's an easy answer of how to migrate. _______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
