I’ve updated the PEP: http://hg.python.org/peps/rev/3128e9d38937
files: pep-0470.txt | 15 +++++++++++++++ 1 files changed, 15 insertions(+), 0 deletions(-) diff --git a/pep-0470.txt b/pep-0470.txt --- a/pep-0470.txt +++ b/pep-0470.txt @@ -389,6 +389,9 @@ hosted. * Default to disallowing safely externally hosted files with only a global flag to enable them, but disallow unsafely hosted. +* Continue on the suggested path of PEP 438 and remove the option to unsafely + host externally but continue to allow the option to safely host externally. + These proposals are rejected because: @@ -454,6 +457,18 @@ or attempt to deploy to a server where their install will fail again until they add the "make it work" flag in their configuration file. +* The URL classification only works for a certain subset of projects, however + it does not allow for any project which needs additional restrictions such + as Access Controls. This means that there would be two methods of doing the + same thing, linking to a file safely and hosting an index. Hosting an index + works in all situations and by relying on this we make for a more consistent + experience no matter the reason for external hosting. + +* The safe external hosting option hampers the ability of PyPI to upgrade it's + security infrastructure. For instance if MD5 becomes broken in the future + there will be no way for PyPI to upgrade the hashes of the projects which + rely on safe external hosting via MD5 while files that are hosted on PyPI + can simply be processed over with a new hash function. Copyright ========= ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
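Review bot: In the hunk at @@ -389,6 +389,9 @@, the new bullet says "unsafely host externally" and "safely host externally" while the bullet just above it says "safely externally hosted files" and "unsafely hosted". Using one phrasing for both bullets would make it clear they refer to the same two categories. Since this alternative joins a list that shares a single "These proposals are rejected because:" section, it would also help to say which of the listed reasons apply to it.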
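Review bot: In the hunk at @@ -454,6 +457,18 @@, the second added bullet has "upgrade it's security infrastructure", which should be the possessive "its", and "can simply be processed over with a new hash function" would read more clearly as "can simply be re-hashed with a new hash function". In the first added bullet, "however it does not allow for any project which needs additional restrictions" runs two sentences together. Consider ending the sentence after "a certain subset of projects" and starting a new one. The sentence "This means that there would be two methods of doing the same thing, linking to a file safely and hosting an index" would also be clearer with a colon before the two methods are named.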
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig