On Wed, Feb 27, 2013 at 12:49 PM, Monty Taylor <[email protected]> wrote: > > > On 02/27/2013 02:47 PM, Aaron Meurer wrote: >> On Wed, Feb 27, 2013 at 11:37 AM, holger krekel <[email protected]> wrote: >>> On Wed, Feb 27, 2013 at 19:34 +0100, Lennart Regebro wrote: >>>> On Wed, Feb 27, 2013 at 5:34 PM, M.-A. Lemburg <[email protected]> wrote: >>>>> I'm not saying that it's not a good idea to host packages on PyPI, >>>>> but forcing the community into doing this is not a good idea. >>>> >>>> I still don't understand why not. The only reasons I've seen are >>>> "Because they don't want to" or "because they don't trust PyPI". And >>>> in the latter case I'm assuming they wouldn't use PyPI at all. >>>> >>>> And of course, nobody is forcing anyone, just like nobody is forcing >>>> you to use PyPI. :-) >>> >>> I understood there is the idea to disable external links within a couple >>> of months. That does break backward compatibility in a considerable way. >>> >>> holger >> >> But wouldn't this only be a change in pip/easy_install, not PyPI >> itself? I suppose you could explicitly break the external links by >> having them point to nothing if you are worried about the security or >> if it's some performance issue (that would indeed be a bad >> compatibility break, in case people are using those for other >> purposes). Otherwise, if it's a problem, then just use the old >> version of pip. > > If we don't remove the feature from pypi itself, then it won't help the > folks for whom its a problem, because there will be no incentive for the > folks hosting their software that way to actually upload their stuff to > PyPI - which means that client-side disabling of external_links is > fairly likely to never be usable.
How would you remove it from PyPI itself? Would that just require changing some urls, so that pip doesn't know where to find stuff any more? Sorry if this is obvious. I'm not a pip/PyPI developer. Just a package maintainer who has been irked several times by pip's/PyPI's/easy_install's idiotic external links policy. Aaron Meurer > > _______________________________________________ > Catalog-SIG mailing list > [email protected] > http://mail.python.org/mailman/listinfo/catalog-sig _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
