On 02/27/2013 02:47 PM, Aaron Meurer wrote: > On Wed, Feb 27, 2013 at 11:37 AM, holger krekel <hol...@merlinux.eu> wrote: >> On Wed, Feb 27, 2013 at 19:34 +0100, Lennart Regebro wrote: >>> On Wed, Feb 27, 2013 at 5:34 PM, M.-A. Lemburg <m...@egenix.com> wrote: >>>> I'm not saying that it's not a good idea to host packages on PyPI, >>>> but forcing the community into doing this is not a good idea. >>> >>> I still don't understand why not. The only reasons I've seen are >>> "Because they don't want to" or "because they don't trust PyPI". And >>> in the latter case I'm assuming they wouldn't use PyPI at all. >>> >>> And of course, nobody is forcing anyone, just like nobody is forcing >>> you to use PyPI. :-) >> >> I understood there is the idea to disable external links within a couple >> of months. That does break backward compatibility in a considerable way. >> >> holger > > But wouldn't this only be a change in pip/easy_install, not PyPI > itself? I suppose you could explicitly break the external links by > having them point to nothing if you are worried about the security or > if it's some performance issue (that would indeed be a bad > compatibility break, in case people are using those for other > purposes). Otherwise, if it's a problem, then just use the old > version of pip.
If we don't remove the feature from pypi itself, then it won't help the folks for whom its a problem, because there will be no incentive for the folks hosting their software that way to actually upload their stuff to PyPI - which means that client-side disabling of external_links is fairly likely to never be usable. _______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
