On Tue, Oct 29, 2013 at 5:45 AM, Marius Gedminas wrote:
> Specifying dependency_links in random packages' setup.py's is a
> nuisance and I would rather it went away. I always turn it off by
> specifying allow-hosts = *.python.org in buildout.cfg
Some packages indexed on PyPI have downloads elsew
On Oct 29, 2013, at 5:45 AM, Marius Gedminas wrote:
> On Sun, Oct 27, 2013 at 03:52:04PM -0700, Marcus Smith wrote:
>>> So I asked the person I know, and this is what he said, "Yes, we have
>>> to use it! It's the only way to allow a package to install other
>>> packages that aren't on PyPI-- f
On Sun, Oct 27, 2013 at 03:52:04PM -0700, Marcus Smith wrote:
> > So I asked the person I know, and this is what he said, "Yes, we have
> > to use it! It's the only way to allow a package to install other
> > packages that aren't on PyPI-- for instance, a custom fork of a
> > library."
> >
> > Is
On Sun, Oct 27, 2013 at 10:49 PM, Chris Jerdonek
wrote:
> On Sun, Oct 27, 2013 at 12:04 PM, Chris Jerdonek
> wrote:
> >
> > On Sun, Oct 27, 2013 at 10:44 AM, Donald Stufft
> wrote:
> >>
> >> Here’s the list of dependency links for the projects that still use
> them in their latest releases:
> >>
https://github.com/pypa/pip/pull/1264
On Oct 27, 2013, at 7:45 PM, Nick Coghlan wrote:
>
> On 28 Oct 2013 09:11, "Marcus Smith" wrote:
> >
> > Chris:
> > to be clear, after talking to Donald, we interpreted your question
> > differently.
> >
> > - If you're distributing library Y, and it dep
On 28 Oct 2013 09:11, "Marcus Smith" wrote:
>
> Chris:
> to be clear, after talking to Donald, we interpreted your question
differently.
>
> - If you're distributing library Y, and it depends on X, but it now needs
a custom/fixed fork of X, then what Donald said, rename and re-publish (or
vendor
Chris:
to be clear, after talking to Donald, we interpreted your question
differently.
- If you're distributing library Y, and it depends on X, but it now needs a
custom/fixed fork of X, then what Donald said, rename and re-publish (or
vendor it).
- If you just need to override a buggy pypi packa
> So I asked the person I know, and this is what he said, "Yes, we have
> to use it! It's the only way to allow a package to install other
> packages that aren't on PyPI-- for instance, a custom fork of a
> library."
>
> Is there another approach or work-around he can be using? What is the
> "rig
On Oct 27, 2013, at 5:49 PM, Chris Jerdonek wrote:
> On Sun, Oct 27, 2013 at 12:04 PM, Chris Jerdonek
> wrote:
>>
>> On Sun, Oct 27, 2013 at 10:44 AM, Donald Stufft wrote:
>>>
>>> Here’s the list of dependency links for the projects that still use them in
>>> their latest releases:
>>>
>>>
On Sun, Oct 27, 2013 at 12:04 PM, Chris Jerdonek
wrote:
>
> On Sun, Oct 27, 2013 at 10:44 AM, Donald Stufft wrote:
>>
>> Here’s the list of dependency links for the projects that still use them in
>> their latest releases:
>>
>> https://gist.github.com/dstufft/7185162
>>
>> A good number of them
On 28 Oct 2013 03:44, "Donald Stufft" wrote:
>
> Here’s the list of dependency links for the projects that still use them
in their latest releases:
>
> https://gist.github.com/dstufft/7185162
>
> A good number of them are either bogus, are pointing directly to PyPI, or
are file:// urls that are hi
On Sun, Oct 27, 2013 at 10:44 AM, Donald Stufft wrote:
> Here’s the list of dependency links for the projects that still use them
> in their latest releases:
>
> https://gist.github.com/dstufft/7185162
>
> A good number of them are either bogus, are pointing directly to PyPI, or
> are file:// url
Here’s the list of dependency links for the projects that still use them in
their latest releases:
https://gist.github.com/dstufft/7185162
A good number of them are either bogus, are pointing directly to PyPI, or are
file:// urls that are highly unlikely to exist on anyones computer but the
au
More numbers, of the 411 projects who have ever used dependency links, only 311
of them use them in their latest release.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GP
On 27 Oct 2013 18:38, "Marcus Smith" wrote:
>
>
>>
>> "we don't know what happens inside corporate firewalls"
>
>
> non-published use of dependency links could turn out to be the use-cases
that we'd get complaints about
>
>
>>
>> To me, the best part of the more aggressive timeline is it means
>>
> "we don't know what happens inside corporate firewalls"
>
non-published use of dependency links could turn out to be the use-cases
that we'd get complaints about
> To me, the best part of the more aggressive timeline is it means
> CPython would never ship a version of pip that allows that par
>
> I also think it is reasonable to continue offering a feature like
> dependency_links on an opt-in basis for controlled environments (I see
> it as analagous to the direct references feature in PEP 440).
>
>
with pip already, the idea** is that you can enforce a concrete location
for a
dependenc
On 27 October 2013 14:35, Donald Stufft wrote:
>
> On Oct 27, 2013, at 12:30 AM, Nick Coghlan wrote:
>
>> On 27 October 2013 14:13, Donald Stufft wrote:
>>>
>>> On Oct 26, 2013, at 11:59 PM, Donald Stufft wrote:
>>>
Ok here’s the real list: https://gist.github.com/dstufft/7177500
>>>
>>> Q
On Oct 27, 2013, at 1:07 AM, holger krekel wrote:
> On Sun, Oct 27, 2013 at 14:30 +1000, Nick Coghlan wrote:
>> On 27 October 2013 14:13, Donald Stufft wrote:
>>>
>>> On Oct 26, 2013, at 11:59 PM, Donald Stufft wrote:
>>>
Ok here’s the real list: https://gist.github.com/dstufft/7177500
On Sun, Oct 27, 2013 at 14:30 +1000, Nick Coghlan wrote:
> On 27 October 2013 14:13, Donald Stufft wrote:
> >
> > On Oct 26, 2013, at 11:59 PM, Donald Stufft wrote:
> >
> >> Ok here’s the real list: https://gist.github.com/dstufft/7177500
> >
> > Quick note that this list is a list of projects th
On Sun, Oct 27, 2013 at 12:30 AM, Nick Coghlan wrote:
> Am I correct in thinking that providing a flag to disable them
> completely will be enough to get ensurepip to behave itself?
There's been a setting for this in buildout for some time, and I don't
build without it.
Your deprecation path sou
On Oct 27, 2013, at 12:30 AM, Nick Coghlan wrote:
> On 27 October 2013 14:13, Donald Stufft wrote:
>>
>> On Oct 26, 2013, at 11:59 PM, Donald Stufft wrote:
>>
>>> Ok here’s the real list: https://gist.github.com/dstufft/7177500
>>
>> Quick note that this list is a list of projects that have
On 27 October 2013 14:13, Donald Stufft wrote:
>
> On Oct 26, 2013, at 11:59 PM, Donald Stufft wrote:
>
>> Ok here’s the real list: https://gist.github.com/dstufft/7177500
>
> Quick note that this list is a list of projects that have *ever* used
> dependency links on PyPI. Some of these projects
On Oct 26, 2013, at 11:59 PM, Donald Stufft wrote:
> Ok here’s the real list: https://gist.github.com/dstufft/7177500
Quick note that this list is a list of projects that have *ever* used
dependency links on PyPI. Some of these projects are no longer
using them.
-
Donald Stufft
Ok here’s the real list: https://gist.github.com/dstufft/7177500
On Oct 26, 2013, at 11:00 PM, Donald Stufft wrote:
> Bleh scratch that, it was adding everything :(
>
> On Oct 26, 2013, at 10:59 PM, Donald Stufft wrote:
>
>>
>> On Oct 26, 2013, at 10:14 PM, Donald Stufft wrote:
>>
>>> I wo
Bleh scratch that, it was adding everything :(
On Oct 26, 2013, at 10:59 PM, Donald Stufft wrote:
>
> On Oct 26, 2013, at 10:14 PM, Donald Stufft wrote:
>
>> I would like to remove dependency_links from pip, and ideally
>> also setuptools.
>>
>> In implementing the ensurepip module from PEP4
On Oct 26, 2013, at 10:14 PM, Donald Stufft wrote:
> I would like to remove dependency_links from pip, and ideally
> also setuptools.
>
> In implementing the ensurepip module from PEP453 I realized that
> even with the ``--no-index`` flag pip was still attempting to
> reach the internet. After
I would like to remove dependency_links from pip, and ideally
also setuptools.
In implementing the ensurepip module from PEP453 I realized that
even with the ``--no-index`` flag pip was still attempting to
reach the internet. After a little bit of investigation I realized
that the reason for this
28 matches
Mail list logo