11 Aug
2016
11 Aug
'16
8:01 p.m.
I want to stand up a mirror to proxy/cache the python packages my team is using behind our corporate firewall. A scale challenge we're having is that when Bob wants to use package X, we need to validate that all of package X's dependencies are published under one of a finite set of compliant OSS licenses. Any recommendations how to be more automated about this? Is this a feature of devpi that I just haven't stumbled upon yet? Is there a best practice for implementing this at a step prior to injection into the index? Any pointers/tips/recommendations welcome. Thanks, Andrew