On Oct 27, 2013, at 5:49 PM, Chris Jerdonek <[email protected]> wrote:
> On Sun, Oct 27, 2013 at 12:04 PM, Chris Jerdonek > <[email protected]> wrote: >> >> On Sun, Oct 27, 2013 at 10:44 AM, Donald Stufft <[email protected]> wrote: >>> >>> Here’s the list of dependency links for the projects that still use them in >>> their latest releases: >>> >>> https://gist.github.com/dstufft/7185162 >>> >>> A good number of them are either bogus, are pointing directly to PyPI, or >>> are file:// urls that are highly unlikely to exist on anyones computer but >>> the author’s. All in all there are 307 total unique links in this set of >>> packages, and 99 of them are not reachable from my computer >>> (requests.get(…) raises an exception). >> >> I actually know a couple people on this list. I can ask them and see if the >> list can be reduced further. :) > > So I asked the person I know, and this is what he said, "Yes, we have > to use it! It's the only way to allow a package to install other > packages that aren't on PyPI-- for instance, a custom fork of a > library." > > Is there another approach or work-around he can be using? What is the > "right" way for him to do it? > > --Chris Upload the package to PyPI under a different name? Vendor the package inside the source? Maybe his fork is incompatible, the way he’s doing it it’ll install, pretending to be the unforked library, and then if something *else* depends on it, it’ll get a fundamentally incompatible version of that library (in the theoretical situation). ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Distutils-SIG maillist - [email protected] https://mail.python.org/mailman/listinfo/distutils-sig
