On 08.05.2014 16:42, M.-A. Lemburg wrote: > On 08.05.2014 15:58, Donald Stufft wrote: >> >> On May 8, 2014, at 9:39 AM, M.-A. Lemburg <m...@egenix.com> wrote: >> >>> Well, to be fair and leaving aside uptime concerns and the general >>> desire to always install packages from some server instead of >>> a safe and trusted local directory (probably too obvious ;-), >>> it would certainly be possible to add support for >>> trusted externally hosted packages. >> >> There is support for trusted externally hosted packages, you put the URL in >> PyPI and include a hash in the fragment like so: >> >> http://www.bytereef.org/software/mpdecimal/releases/cdecimal-2.3.tar.gz#md5=655f9fd72f7a21688f903900ebea6f56 >> >> The hash can be md5 or any of the sha-2 family. >> >> Now this does not mean that ``pip install cdecimal`` will automatically >> install >> this, because whether or not you're willing to install from servers other >> than >> PyPI[1] is a policy decision for the end user of pip. > > Hmm, if you call that feature "trusted externally hosted packages", > pip should really do trust them, right ? ;-) > > I can understand that pip defaults to not trusting URLs which don't > meet the above feature requirements, but not that it still warns > about unreliable externally hosted packages even if the above > feature is used. > > At the moment, pip will refuse to use an externally hosted files even > if the package author uses the above hashed URLs; even with HTTPS > and proper SSL certificate chain.
Could this perhaps be changed/reconsidered for pip ? Note that easy_install/setuptools does not have such problems. -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, May 08 2014) >>> Python Projects, Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com