Simply don't use inheritance on packages that exist in the child index. If
x exists in child index then don't include
x from the parent index. I haven't used a complicated inheritance scheme, and I don't know if others are, but this could be reduced to only excluded packages from
root/pypi. This is also the simplest solution, but also could be disruptive depending on how you are using devpi. I can't think of a case when I personally would want both
root/pypi and my private versions of a package included in the same index, but that's not to say it's not a valid use case for others. Valid permutations of this solution would be allowing inheritance of existing packages to be toggled per index.
This is the solution I'd like to see implemented. I actually have a (probably insufficient) implementation of this solution at
https://bitbucket.org/doki_pen/devpi. The change is
very simple.
Secure By ConfigurationThe other idea is less elegant and harder to implement, blacklisting inherited modules per index. This would involved extending the api to allow modules to be added to and removed from the blacklist on a per index bases. The advantage to this solution is that it would be less disruptive to any existing implementations of devpi.