Thank you for the project, quick question:
I see that restrict-modify actually only allows changes made by the principals listed there. Which kinda means that you are either root or you aren't, should restrict-modify also allow index_create/user_modify for authenticated users?
Hello Devpi deverlopers,
We're looking for a solution for internal PyPi server.
We like developers/data Scientists to use the packages only from the
internal repo, which is approved by legal and scanned for
security purposes. Can we let admins to download from external PyPi, and
other users only download from internal repo only? If the package is not in
the local repo, the developers need to discuss with Admin first.
From reading the doc it seems Devpi can be a through cache. Is this
something Devpi can do?
Thank you very much!
I am having the exact same issue. I've set up devpi to be served inside a
kubernetes cluster and use "edge-termination" for SSL traffic.
This means that the traffic goes from the browser to K8S as HTTPS which
forwards the traffic *unencrypted* to devpi. All links to resources like
CSS and JS files are rendered as "http" on the returned document which
causes the browser to block them.
On a wild guess I assume that devpi auto-detects the protocol? If that is
the case then is makes sense that the links are generated as HTTP instead
of HTTPS. Because the edge-termination of SSL traffic makes devpi
blissfully unaware that there is SSL in place.
So there would need to be a way to force devpi to generate links as HTTPS
instead of HTTP. Is there a way to do this?