Re: [Distutils] PEP 438, pip and --allow-external (was: "pip: cdecimal an externally hosted file and may be unreliable" from python-dev)

2014-05-09 Thread Trishank Karthik Kuppusamy
I have nothing useful to add except to say: this thread is one of the most courteous and productive series of arguments I have seen! On Fri, May 9, 2014 at 6:02 PM, Paul Moore wrote: > On 9 May 2014 22:33, Donald Stufft wrote: > > On the flip side option (A) allows us to make this much simpler

Re: [Distutils] PEP 438, pip and --allow-external (was: "pip: cdecimal an externally hosted file and may be unreliable" from python-dev)

2014-05-09 Thread Paul Moore
On 9 May 2014 22:33, Donald Stufft wrote: > On the flip side option (A) allows us to make this much simpler overall. We > can simply do: > > If it's hosted on PyPI: > Trust it. > else if it's not hosted on PyPI: > Require a --allow-external-and-unverifiable [*] > > This is

Re: [Distutils] PEP 438, pip and --allow-external (was: "pip: cdecimal an externally hosted file and may be unreliable" from python-dev)

2014-05-09 Thread Donald Stufft
On May 9, 2014, at 5:33 PM, Donald Stufft wrote: >If it's hosted on PyPI: >Trust it. >else if it's not hosted on PyPI: >Require a --allow-external-and-unverifiable [*] Bleh, I forgot to add the footnote here that said this option name is terrible and is just an example.

Re: [Distutils] PEP 438, pip and --allow-external (was: "pip: cdecimal an externally hosted file and may be unreliable" from python-dev)

2014-05-09 Thread Donald Stufft
On May 9, 2014, at 1:41 PM, Paul Moore wrote: > On 9 May 2014 16:56, Donald Stufft wrote: >> Right, but I think a similar win can be had just by folding --allow-external >> into --allow-unverifiable and make it --allow-off-pypi (needs a better name, >> maybe just keep it as --allow-external?). Thi

Re: [Distutils] PEP 438, pip and --allow-external (was: "pip: cdecimal an externally hosted file and may be unreliable" from python-dev)

2014-05-09 Thread Paul Moore
On 9 May 2014 16:56, Donald Stufft wrote: > Right, but I think a similar win can be had just by folding --allow-external > into --allow-unverifiable and make it --allow-off-pypi (needs a better name, > maybe just keep it as --allow-external?). This would effectively mean that > an end user cannot say

Re: [Distutils] PEP 438, pip and --allow-external (was: "pip: cdecimal an externally hosted file and may be unreliable" from python-dev)

2014-05-09 Thread Chris Jerdonek
On Fri, May 9, 2014 at 3:16 AM, Paul Moore wrote: > So there's an ongoing debate over pip's behaviour around disallowing > external hosting by default (see thread "pip: cdecimal an externally > hosted file and may be unreliable" over on python-dev for the latest > round). > > It appears that the r

Re: [Distutils] PEP 438, pip and --allow-external (was: "pip: cdecimal an externally hosted file and may be unreliable" from python-dev)

2014-05-09 Thread Donald Stufft
On May 9, 2014, at 11:41 AM, Paul Moore wrote: > OK, basically I get what you mean now. > > On 9 May 2014 16:37, Donald Stufft wrote: >> You’re unlikely to ever encounter an issue where adding --allow-external >> actually helps you, but adding it does make it more likely you’ll be hurt. > > We

Re: [Distutils] PEP 438, pip and --allow-external (was: "pip: cdecimal an externally hosted file and may be unreliable" from python-dev)

2014-05-09 Thread Paul Moore
OK, basically I get what you mean now. On 9 May 2014 16:37, Donald Stufft wrote: > You’re unlikely to ever encounter an issue where adding --allow-external > actually helps you, but adding it does make it more likely you’ll be hurt. Well, it helps me in that I never need to think about whether I

Re: [Distutils] PEP 438, pip and --allow-external (was: "pip: cdecimal an externally hosted file and may be unreliable" from python-dev)

2014-05-09 Thread Donald Stufft
On May 9, 2014, at 11:26 AM, Paul Moore wrote: > On 9 May 2014 15:05, Donald Stufft wrote: >> So originally in order to get pip to consider external hosted files at all >> you had to have --allow[-all]-external. > > Well, *originally* you needed to do nothing. It was only PEP 438 that > made it

Re: [Distutils] PEP 438, pip and --allow-external (was: "pip: cdecimal an externally hosted file and may be unreliable" from python-dev)

2014-05-09 Thread Paul Moore
On 9 May 2014 15:05, Donald Stufft wrote: > So originally in order to get pip to consider external hosted files at all > you had to have --allow[-all]-external. Well, *originally* you needed to do nothing. It was only PEP 438 that made it necessary to do any of this. > On top of that if you wante

Re: [Distutils] PEP 438, pip and --allow-external (was: "pip: cdecimal an externally hosted file and may be unreliable" from python-dev)

2014-05-09 Thread Donald Stufft
On May 9, 2014, at 9:38 AM, Paul Moore wrote: > On 9 May 2014 14:12, Donald Stufft wrote: >> I think that you’re conflating any bug report about these two flags with bug >> reports about externally hosted things at all. > > That may well be true. I find this whole thing confusing (which is > s

Re: [Distutils] PEP 438, pip and --allow-external (was: "pip: cdecimal an externally hosted file and may be unreliable" from python-dev)

2014-05-09 Thread Paul Moore
On 9 May 2014 14:12, Donald Stufft wrote: > I think that you’re conflating any bug report about these two flags with bug > reports about externally hosted things at all. That may well be true. I find this whole thing confusing (which is sort of my point, I guess). Don't we get a lot of reports wh

Re: [Distutils] PEP 438, pip and --allow-external (was: "pip: cdecimal an externally hosted file and may be unreliable" from python-dev)

2014-05-09 Thread Donald Stufft
On May 9, 2014, at 8:46 AM, Paul Moore wrote: > On 9 May 2014 13:17, Donald Stufft wrote: >> I replied on python-dev already, but I’m still heavily -1. > > Yeah, I have no idea if the discussion will migrate here or not, but I tried > :-) > >> This isn’t actually going to help hardly anyone

Re: [Distutils] PEP 438, pip and --allow-external (was: "pip: cdecimal an externally hosted file and may be unreliable" from python-dev)

2014-05-09 Thread Paul Moore
On 9 May 2014 13:17, Donald Stufft wrote: > I replied on python-dev already, but I’m still heavily -1. Yeah, I have no idea if the discussion will migrate here or not, but I tried :-) > This isn’t actually going to help hardly anyone since almost no packages are > hosted safely externally. I thi

Re: [Distutils] PEP 438, pip and --allow-external (was: "pip: cdecimal an externally hosted file and may be unreliable" from python-dev)

2014-05-09 Thread Donald Stufft
On May 9, 2014, at 6:16 AM, Paul Moore wrote: > So there's an ongoing debate over pip's behaviour around disallowing > external hosting by default (see thread "pip: cdecimal an externally > hosted file and may be unreliable" over on python-dev for the latest > round). > > It appears that the re

[Distutils] PEP 438, pip and --allow-external (was: "pip: cdecimal an externally hosted file and may be unreliable" from python-dev)

2014-05-09 Thread Paul Moore
So there's an ongoing debate over pip's behaviour around disallowing external hosting by default (see thread "pip: cdecimal an externally hosted file and may be unreliable" over on python-dev for the latest round). It appears that the reason for disallowing external hosting (as opposed to unverifi