<html><head></head><body bgcolor="#FFFFFF"><div><span class="Apple-style-span" style>On Jun 22, 2012, at 6:58 PM, PJ Eby &lt;<a href="mailto:pje@telecommunity.com">pje@telecommunity.com</a>&gt; wrote:</span></div><div><br>
</div><div></div><blockquote type="cite"><div><div class="gmail_quote">On Fri, Jun 22, 2012 at 8:21 PM, Aaron Meurer <span dir="ltr">&lt;<a href="mailto:asmeurer@gmail.com" target="_blank">asmeurer@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi.<br>
<br>
I'm following up on a discussion on the pip mailing list<br>
(<a href="https://groups.google.com/forum/#%21topic/python-virtualenv/PZNj9pC6aKA/discussion" target="_blank">https://groups.google.com/forum/#!topic/python-virtualenv/PZNj9pC6aKA/discussion</a>),<br>
where I was directed here.<br>
<br>
Would it be possible to add some kind of a flag to PyPI that would let<br>
package maintainers tell pip to install only the uploaded file (or<br>
possibly also the file given by a direct link), and no others?<br>
<br>
Currently, pip aggressively tries to find the latest version of a<br>
package by crawling all links on the PyPI page, even those from older<br>
versions. This is a headache to me as a package maintainer because it<br>
means that pip is quite often installing the wrong thing. Recently,<br>
pip was trying to install our html docs because we had a file uploaded<br>
at Google Code named "sympy-0.7.1-html-docs", </blockquote><div><br>The simple way to correct this problem is to rename the file 'sympy-html-docs-0.7.1' - this will fix things for all installers that follow easy_install's discovery protocol, including pip and zc.buildout.<br>
</div></div></div></blockquote><div><br></div>Yes, I did this. But it doesn't solve the issue of installing our release candidates, or trying to install who knows what because of the discovery "protocol" (which I would call the discovery magic). <div>
<br><blockquote type="cite"><div><div class="gmail_quote"><div>
</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">which it deemed to be a<br>
newer version than "sympy-0.7.1". There's also the issue that every<br>
time we put out a release candidate for a new version, pip starts<br>
installing that, when I would prefer it to only install stable final<br>
releases. It's also, as I noted on the other discussion list, a bit<br>
of a security risk.<br></blockquote><div><br>zc.buildout includes a flag to prefer stable releases, and I believe some other installation tools do as well. You might suggest they add such a flag to pip and move towards using it by default. <br>
</div></div><br>
</div></blockquote><br></div><div>The pip guys don't want to make this change, I guess because of the problems it would cause with who knows how many packages that wouldn't be following this. See the discussion I linked to. I do agree that this would be the better way to do it (but I can think of about a thousand "better ways to do it" as far as Python packaging is concerned, but none of them will happen, or at least not within the timeline that I'm hoping for). </div>
<div><br></div><div>Aaron Meurer</div></body></html>