On Mar 13, 2013, at 10:26 AM, PJ Eby <p...@telecommunity.com> wrote: > On Wed, Mar 13, 2013 at 7:21 AM, holger krekel <hol...@merlinux.eu> wrote: >> Hi all, >> >> after some more discussions and hours spend by Carl Meyer (who is now >> co-authoring the PEP) and me, here is a new V3 pre-submit draft. >> It is now more ambitious than the previous draft as should be obvious >> from the modified abstract (and Carl Meyers and Philip's earlier >> interactions on this list). There also are more details of how >> the current link-scraping works among other improvements and incorporations >> of feedback from discussions here. >> >> We intend to submit this draft tonight to the PEP editors. >> >> Feedback now and later remains welcome. I am sure there are issues to >> be sorted and clarified, among them the versioning-API suggestion by >> Marc-Andre. >> >> Thanks for everybody's support and feedback so far, >> holger > > Looks good to me! > > Setuptools' two releases will probably look like this: > > 1. Default to externals index, warn when fetching URLs that are not > the same host as the index > 2. Default to externals index, reject URLs that are not the same host > as the index unless --allow-hosts is configured (IOW, default > allow-hosts to equal index-url host) > > That way, external URLs can still be discovered by the user, but the > default configuration is still secure. > _______________________________________________ > Catalog-SIG mailing list > Catalog-SIG@python.org > http://mail.python.org/mailman/listinfo/catalog-sig
For the record I support the PEP and these 2 steps sound ok to me. My only suggestion is an additional rel attribute for indexes to indicate this is index hosted file incase the index domain and the package host domain differ (as is the case with Crate). ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
