On Fri, Jun 22, 2012 at 8:21 PM, Aaron Meurer <[email protected]> wrote:
> Hi. > > I'm following up on a discussion on the pip mailing list > ( > https://groups.google.com/forum/#!topic/python-virtualenv/PZNj9pC6aKA/discussion > ), > where I was directed here. > > Would it be possible to add some kind of a flag to PyPI that would let > package maintainers tell pip to install only the uploaded file (or > possibly also the file given by a direct link), and no others? > > Currently, pip aggressively tries to find the latest version of a > package by crawling all links on the PyPI page, even those from older > versions. This is a headache to me as a package maintainer because it > means that pip is quite often installing the wrong thing. Recently, > pip was trying to install our html docs because we had a file uploaded > at Google Code named "sympy-0.7.1-html-docs", The simple way to correct this problem is to rename the file 'sympy-html-docs-0.7.1' - this will fix things for all installers that follow easy_install's discovery protocol, including pip and zc.buildout. > which it deemed to be a > newer version than "sympy-0.7.1". There's also the issue that every > time we put out a release candidate for a new version, pip starts > installing that, when I would prefer it to only install stable final > releases. It's also, as I noted on the other discussion list, a bit > of a security risk. > zc.buildout includes a flag to prefer stable releases, and I believe some other installation tools do as well. You might suggest they add such a flag to pip and move towards using it by default.
_______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
