On Thu, Jul 5, 2012 at 1:22 PM, Carl Meyer <[email protected]> wrote: > On 07/04/2012 11:00 PM, Donald Stufft wrote: >> On Thursday, July 5, 2012 at 12:43 AM, Aaron Meurer wrote: >>> I think the cleanest way would be to just have a way to tell pip to >>> only install the files that are uploaded to PyPI (alternately, files >>> from a direct download link). In other words, I want to force >>> pip/easy_install to *not* do any link scraping. >> Sounds like something that honestly belongs in pip. >> >> Something like ``pip --disable-external``. >> >> Possibly something like ``pip --only-stable`` or something (if versions >> can be parsed by PEP 345?). > > I don't have any objection to a flag in pip to disable crawling off the > index domain (this is a hard security requirement for some users, and > something pip ought to have), but it doesn't at all meet Aaron's desire > as a package maintainer to be able to make this happen *by default* for > everyone pip-installing his package. > > Carl
Exactly. This would be basically a waste of time if it weren't default, because users can already get this behavior by passing sufficient flags to pip (it might be slightly more convenient, but that's it). My point of view is that of a package maintainer, not a user, who wants the user experience of people trying to install my package using pip to be as seamless as possible. My proposal recognizes that changing the defaults for everyone would be a nightmare that the community is probably not ready for, but still empowers package maintainers like myself to do so if want so. In other words, it would make my life easier, and it wouldn't make your lives any harder. Aaron Meurer _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
