Paul Moore wrote:
> 1. There will be a single per-package opt-in flag, that is needed for
> any package not hosted on PyPI (effectively merging --allow-external
> and --allow-unverifiable)
Could this flag be called "--skip-verify"? If I understand correctly,
it will also suppress verification fo
On May 13, 2014, at 8:16 AM, Paul Moore wrote:
>> External and verifiable packages have the same security as uploaded files
>> (though I would like to use sha256 instead of md5 the URL).
>
> Correct (I think it might even be correct for indirectly linked files
> where each link has a hash, whic
On 13 May 2014 12:16, Stefan Krah wrote:
>> I believe that option has been there for a while as
>> --allow-[all]-external. Again, naming and discoverability may be an
>> issue, but the functionality is available.
>
> Yes, but I understood that the latest proposals in this thread wanted
> to get ri
Hi, I downloaded cli-32.exe from -> http://bugs.python.org/setuptools/issue2
and this made the installation of setuptools to finish correctly.
Hope it helps!
--
View this message in context:
http://python.6.x6.nabble.com/error-in-windows-7-installation-tp4887760p5056718.html
Sent from the Pytho
On May 13, 2014, at 7:58 AM, Stefan Krah wrote:
> Paul Moore wrote:
>>> Not quite the sequence of events. -- I left the existing explicit link
>>> for some time after the first posts to python-dev. Then serious security
>>> issues were marginalized ("not a meaningful scenario"). I find this a
Paul Moore wrote:
> > Not quite the sequence of events. -- I left the existing explicit link
> > for some time after the first posts to python-dev. Then serious security
> > issues were marginalized ("not a meaningful scenario"). I find this a
> > little surprising, since PEP 458 is precisely th
On May 13, 2014, at 7:16 AM, Stefan Krah wrote:
> FreeBSD ports have been using the download-from-many-but-verify strategy
> for a long time. I don't see why users should find this surprising.
The difference is in expectations which is a function of what the “normal” is.
For FreeBSD ports it
> Correct me if I'm wrong, but I've a feeling you once said you'd tested
> distil against all the packages on PyPI (which is a mammoth task, so I
> could easily be wrong...)
Not fully tested in the sense you mean - that *would* be a mammoth task :-)
However, I have tried to make declarative met
Paul Moore wrote:
> > "Installers should provide a blanket option to allow installing any
> > verifiable
> > external link."
> >
> > Perhaps something like --allow-verifiable-external would do? I would not be
> > unhappy if link-spidering were to be removed, I find it reasonable to
> > provide
On 13 May 2014 01:15, Vinay Sajip wrote:
> The packages distil has problems with are those that do significant things in
> setup.py, such as moving files
> around in the source tree, generating new source files, subclassing distutils
> so you can't see what the
> actual operations being carried
FYI, I eventually created
https://github.com/buildout/buildout/issues/186
ciao, lele.
--
nickname: Lele Gaifax | Quando vivrò di quello che ho pensato ieri
real: Emanuele Gaifas | comincerò ad aver paura di chi mi copia.
l...@metapensiero.it | -- Fortunato Depero, 1929.
_
11 matches
Mail list logo