On 11 May 2014 23:18, "Donald Stufft" <don...@stufft.io> wrote: > > You’re worried that this change is a (or will at least be perceived as such) FU to Stefan and MAL, I’m worried that not fixing this is a FU to *everyone else*.
Keep in mind that I am *agreeing* that "allow external" at the package level needs to be the "just make it work" option, and hence should provide the current "allow unverifiable" behaviour. The only point of contention is what to do with the current "allow external" behaviour: 1. Delete it entirely 2. Rename it 3. Only have it available as a global flag The relevant paragraph of PEP 438 that we're considering deciding is wrong is this one from the phase 2 description: """Installers should provide a blanket option to allow installing any verifiable external link. Non-verifiable external links should only be installed if the user-provided option specifies exactly which external domains can be used or for which specific package names external links can be used.""" So, re-reading that, my preference is for option 3: keeping the global allow-all-external flag, but renaming it as something like "allow-all-verifiable-external". It's only dropping that flag entirely or making it mean "allow all unverifiable" that would mean moving away from the previously agreed approach in the PEP. There's no requirement in the PEP for a per-package flag to accept verifiable downloads, so making allow-external mean the same thing as allow-unverifiable isn't a problem from that perspective. The PEP also doesn't mandate particular option names. Cheers, Nick. P.S. I wrote most of the above before catching up on the PR comments, including Paul's one about taking the PEP as authoritative. Indeed, I do, and I don't think writing a replacement just to delete one not-especially-useful option is a good use of time and energy :) > > ----------------- > Donald Stufft > PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA >
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
