On Fri, Sep 21, 2012 at 11:04 AM, Brett Cannon <[email protected]> wrote: > Agreed. While I might have a suggestion to grab some project from some place > on e.g. bitbucket,
This might've been buried in the thread, but that's *precisely* what dependency links are: a *suggestion* as to where a *normally declared dependency* can be filled. Tools have the option to consume these suggestions, or not. And easy_install *only* uses these suggestions after all other available options for finding the dependency have been exhausted. (E.g. PyPI, already-installed packages, links or indexes supplied on the command line, etc.) So there are two ways to block the use of dependency links: 1. Host restrictions (which can come from the command-line, personal config, or site config) 2. Alternate indexes or command-line overrides for dependency links (also configurable in the above-mentioned places) that satisfy all the needed dependencies (so that easy_install doesn't bother with the suggested links) And you can easily combine the two, even if you're not the NSA. ;-) (You can also ask easy_install not to install dependencies at all, and handle it all yourself.) My point here, btw, isn't to advocate for the exact implementation of dependency links; I just want to make sure everybody knows what they *are*, because AFAICT there has been some huge misunderstanding and FUD going on in this thread, and people making judgments based on amplifying other people's misinterpretations of other people's misunderstandings. _______________________________________________ Distutils-SIG maillist - [email protected] http://mail.python.org/mailman/listinfo/distutils-sig
